Feeds

Malware devs offer $100 a pop for 'active' Google Play accounts

Underground market is full of Android wrongness

Securing Web Applications Made Simple and Scalable

Virus writers are paying top dollar for access to "active" Google Play accounts to help them spread mobile malware across the Android ecosystem.

Google charges $25 to Android developers who wish to sell their wares through the Google Play marketplace but a denizen of an underground cybercrime forum is offering to purchase these accounts for $100 apiece, a 300 per cent mark-up.

The miscreant is offering "$100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server". Developer accounts at Google Play can be used to offer malware up as legitimate apps before offering these Trojanised packages for sale to prospective marks.

The same wheeler-dealer is also selling an Android mobile malware creation toolkit that targets banking customers of Citibank, HSBC and ING and many other banks in multiple countries, reports investigative journalist turned security blogger Brian Krebs.

The Perkele (a Finnish curse word for “devil” or “damn”) malware sold by the trickster is designed to intercept incoming SMS messages from banks sent to infected Android phones. Perkele is designed to work in tandem with malware on compromised PCs. When a surfer visits a banking site from an infected PC they are prompted to supply their number and install a "special security certificate" on their mobile phone.

Links to a website hosting mobile malware are then sent to this phone number in the hopes of tricking victims into installing the mobile component of Perkele onto their Android smartphones.

As Krebs explains (screenshot here), this approach to mobile banking malware is fairly rudimentary and doesn't bear comparison with the most advanced mobile malware but scores in terms of flexibility and apparent effectiveness. Perkele is designed to work alongside any malware family that support web injects. The hawker of the cybercrime tool has been endorsed by several forum buyers.

Denizens of the underground marketplace can purchase a custom application that targets one specific financial institution for $1,000, or a complete mobile malware creation toolkit for $15,000.

The market for hijacked or fraudulent developer accounts on Google Play is part of the reason, among many others, that Android malware is a growing problem. By contrast, Apple's much tighter control of its marketplace has meant the mobile malware on iOS has been almost non-existent right from the off and going back seven years. It is only spoiled by extremely isolated example of worms that only affected users of jailbroken iPhones, such as the "Duh" or Ikee-B worm, which formed the key part of a banking scam back in 2009.

By contrast, according to figures from Kaspersky Lab, by the end of 2012 more 43,000 malicious programs were targeting Android devices. More than 99 per cent of new threats discovered by the Russian security firm last year targeted Android-based smartphones and tablets, with less than one per cent aimed at devices running Symbian and BlackBerry operating systems or supporting the mobile version of Java.

The most widespread Android threats can be divided into three major groups: SMS Trojans, which steal money by sending premium texts; adware; and exploits to gain root access that allow criminals to enter the device and extract any data stored on it. Most of the small number of nasties targeting Symbian and BlackBerry smartphones specifically target victims’ bank accounts, according to Kaspersky Lab. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.