Cybercriminals offer to launch Google ads to attract more people to download malicious and unwanted apps.Cybercriminals accept three main kinds of payment: a percentage of the final profit, subscription or rent, and one-time payment.The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners and even dating apps.To keep their activities low-profile, a large percentage of attackers negotiate strictly through personal messages on forums and messengers, for example, in Telegram.The price of a loader able to deliver a malicious or unwanted app to Google Play ranges between $2,000 and $20,000.The offers presented in this report were published between 20 and were collected from the nine most popular forums for the purchase and sale of goods and services related to malware and unwanted software. Kaspersky Digital Footprint Intelligence allows discreet monitoring of pastebin sites and restricted underground online forums to discover compromised accounts and information leakages. Using Kaspersky Digital Footprint Intelligence, we were able to collect examples of offers of Google Play threats for sale. It’s a whole underground world with its own rules, market prices, and reputational institutions, an overview of which we present in this report.
It is especially important to analyze how this threat originates, because many cybercriminals work in teams, buying and selling Google Play accounts, malware, advertising services, and more. With many examples of malicious and unwanted apps on Google Play being discovered after complaints from users, we decided to take a look at what the supply and demand of such malware on the dark web looks like. Malicious apps get removed from Google Play as soon as they are found, but sometimes after having been downloaded a number of times. For instance, they may upload a benign application, then update it with malicious or dubious code infecting both new users and those who have already installed the app. These are usually policed vigorously, and apps are pre-moderated before being published however, the authors of malicious and unwanted software employ a variety of tricks to bypass platform checks.
Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to official stores, such as Google Play. In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users.
0 kommentar(er)
