A new report has shed light on the trading and selling of malware and other malicious software on the Google Play app store for Android devices.
Researchers from Kaspersky studied nine dark web forums between 2019 and 2023 and found a variety of services on offer at a range of prices.
At the lower end of the market, the cheapest services include malicious access to developer accounts, starting at about US$60, while the most expensive services on offer are for an actual loader capable of injecting malicious code into an app hosted on the Google Play Store, which costs between US$2,000 and US$20,000.
But there is a wide range of other services on offer as well, and some services can even be rented long term, and come with ongoing support from the seller.
For instance, one enterprising hacker offers a malicious Google Play loader that will operate for one week; if the affected app (which in this case could be an anti-virus app, a QR scanner, or even a mobile game) is removed within that week, the hacker promises to provide a new app for free.
The hacker even boasts about a “good and easy to use UI”. They charge US$5,000 for the loader service, and prospective buyers can contact them via Telegram.
Other malware can be delivered via binding services. These offer much the same functionality as loaders but are often distributed via cracked applications shared through phishing messages and on rather more dubious hosting sites than the Google Play Store. This is a much cheaper option since the apps have a lower distribution rate. Binding typically costs around US$65 per file.
There’s also a wide variety of payment methods accepted. Some services are sold for a straight-up price, while other hackers might charge a percentage of any profits gained from a malicious app. Others still host auctions for their services, or use dark web markets that keep funds in escrow until the customer is happy with the outcome.
“It may seem that service providers could easily deceive buyers and make a profit from their apps themselves,” according to the Kaspersky report.
“Often, this is the case. However, it is also common among dark web sellers to maintain their reputation, promise guarantees, or accept payment after the terms of the agreement have been fulfilled.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.