Malicious Android apps have been found for sale on the darknet and are being sold for up to $20,000, according to security researchers at Kaspersky.
The company described the findings in an article published on Monday, in which it said the team collected examples from nine different darknet forums where these apps are being sold.
“Like on legitimate forums for selling goods, there are various Darknet offers for different needs and customers with different budgets,” reported Kaspersky. “To publish a malicious app, cybercriminals need a Google Play account and a malicious downloader code (Google Play Loader).”
Developer accounts can be bought for $60–$200 each, Kaspersky explained. On the other hand, the cost of malicious loaders ranges between $2000 and $20,000, depending on the complexity of malware and malicious code, as well as additional functions.
These tools are usually disguised as cryptocurrency trackers, financial apps, QR-code scanners or dating apps.
Read more on Android malware here: New Android Banking Trojan ‘Nexus’ Promoted As MaaS
“Cybercriminals also highlight how many downloads the legitimate version of that app has, which means how many potential victims can be infected by updating the app and adding malicious code to it. Most frequently, the suggestions specify 5000 downloads or more,” Kaspersky wrote.
Further, cybercriminals can also pay an additional fee to hide the application code and make it harder to detect.
“To increase the number of downloads to a malicious app, many attackers also offer to purchase installs directing traffic through Google ads and attracting more users to download the app. Installs cost differently for each country,” reads the report.
Regarding the ‘business model’ behind these apps, threat actors offer either a share of the final profit from the malware, rent of the same, or full purchase of either an account or a threat.
“Malicious mobile apps continue to be one of the top cyber-threats targeting users, with more than 1.6 million mobile attacks detected in 2022,” commented Alisa Kulishenko, a security expert at Kaspersky. “At the same time, the quality of cybersecurity solutions that protect users from these attacks is also increasing.”
Case in point, a separate Kaspersky report published at the end of February suggested there were 196,476 new mobile banking Trojan installers in 2022 in the wild, more than double the figures from 2021.