How cybercriminals use Darknet to sell malicious Android apps

Security researchers from Kaspersky claim to have analysed the workings of cybercriminals selling malicious apps on the Darknet. These cybersecurity experts claim to have discovered that malicious mobile apps and store developer accounts are being sold for up to $20,000. The researchers collected examples from nine different Darknet forums where the purchase and sale of goods and services related to malware is carried out. The report sheds light on how threats sold on the Darknet appear on Google Play and also reveals the offers available, including price range and features of communication and agreements between cybercriminals.
Cybercriminals, as per the report, gather on the Darknet to buy and sell malicious Google Play apps, as well as additional functions to upgrade and even advertise their creations. As on legitimate forums for selling goods, there are various Darknet offers for different needs and for customers with different budgets. To publish a malicious app, cybercriminals need a Google Play account and a malicious downloader code (Google Play Loader). A developer account can be bought cheaply, for $200 and sometimes even for as little as $60. The cost of malicious loaders is said to range between $2,000 and $20,000, depending on the complexity of malware, the novelty and prevalence of malicious code, as well as the additional functions.
Apps cyber criminals often use to hide viruses/spyware
According to the report, the malware being distributed is most often hidden under cryptocurrency trackers, financial apps, QR-code scanners and even dating apps. Cybercriminals also highlight how many downloads the legitimate version of that app has, that is, how many potential victims can be infected by updating the app and adding malicious code to it. Most frequently the suggestions specify 5,000 downloads or more.
Cyber criminals purchase app installs, price varies from country to country
For an additional fee, cybercriminals can obfuscate the application code to make it harder to detect by cybersecurity solutions. To increase the number of downloads of a malicious app, many attackers also offer to purchase installs, directing traffic through Google ads and attracting more users to download the app. The cost of installs differs by country. The average price is $0.50, with offers ranging from $0.10 to several dollars. In one of the discovered offers, advertisements for users from the US and Australia cost the most, at $0.80.
Three kinds of services that fraudsters offer
Fraudsters are said to offer three kinds of services: one, on the basis of profit sharing; two, rent; and three, full purchase of either an account or a threat. Some sellers even hold auctions for their goods, since many sellers limit the number of lots sold. For example, in an offer that researchers found, the starting price was $1,500, with $700 incremental steps in the auction, and the instant purchase for the highest price was $7,000.
Darknet sellers can also offer to publish the malicious app for the buyer so they do not directly interact with Google Play, but can still remotely receive all of the victims’ detected data. It may seem that in such a case the developer can easily deceive the buyer, but it is common among Darknet sellers to preserve and maintain their reputation, promise guarantees, or accept payment after the terms of the agreement have been completed. To reduce risks when making deals, cybercriminals often resort to the services of disinterested intermediaries, known as “escrow”. The escrow may be a special service supported by a shadow platform, or a third party who is not interested in the results of the transaction.
