Attackers can buy evil Play apps for as little as $3000

The cost of malware services.

Thrifty bad actors could pay as little as US$2000 ($3000) to get a malicious app into the Google Play store, according to Kaspersky researchers, but prices also range as high as US$20,000.

In research published at Securelist, the researchers analysed offers of Google Play threats for sale between 2019 and 2023, and found that the most popular app categories to hide malware were cryptocurrency trackers, financial apps, QR code scanners and dating apps.

The researchers price-benchmarked a variety of criminal services on offer: as well as pushing malware onto users’ Android devices, they looked at the cost of malware obfuscation and advertising.

Between the two extremes, Kaspersky wrote, the average price for a compromised Google Play loader – which injects malicious code into a target app that then replaces the original on Play – is US$6975.

“However, if cyber criminals want to buy the loader source code, the price immediately rockets, reaching the upper limit of the price range,” the researchers added.

The researchers said that the criminals “most frequently … promise to inject code into an app with 5000 downloads or more.”

Binding services, another popular delivery mechanism, insert malicious code in an app, but rather than distributing it through Play, attackers push the app at victims via phishing text or “dubious websites with cracked games and software”.

These services, Kaspersky said, “usually cost about US$50 to US$100, or US$65 per file” for a successful installation.

Malware obfuscation helps malicious apps get past Google Play’s checks, and Kaspersky found it is offered per application, “or for a subscription, for example, once per month.”

The advantage of subscriptions is the same as in the legal world, the researchers wrote:
“One of the sellers offers obfuscation of 50 files for US$440, while the cost of processing only one file by the same provider is about US$30.”

Advertising to get users to pick up the compromised apps varies greatly: “The average price is US$0.50, with offers ranging from US$0.10 to US$1.”

Copyright © iTnews.com.au . All rights reserved.