Kaspersky Lab experts shared statistics gathered with the Kaspersky Digital Footprint Intelligence service from an analysis of advertisements for the sale of malicious Google Play applications on several dark web forums. Prices for programs and developer accounts reach up to $20,000.
Kaspersky studied dark web marketplaces between 2019 and 2023 and identified many services and ready-made code for infecting and hacking Android smartphones and tablets.
On the darknet, attackers buy and sell malicious apps for Google Play and updates for them, and advertise their own developments. To get malware into the store, they buy a Google Play developer account and a malicious code uploader. Accounts are offered at prices ranging from $60 to $200.
The main problem cybercriminals need to solve is bypassing Google’s protective measures. To do this, they hide malicious code in apps that look harmless. As a rule, the victim first downloads a legitimate program, and the malicious component arrives later with an update.
Moreover, such an update can request additional rights in the system, such as access to certain files. Such “tools”, according to Kaspersky, cost between $2,000 and $20,000.
Dark web sellers most commonly offer to insert malicious code into cryptocurrency trackers, banking applications, QR code scanners, or dating apps. Such programs are posted on Google Play, and the attackers add the malicious code later. Advertisers also note how often such apps have been downloaded to show how many potential victims can be reached.
Three forms of cooperation are offered: for a share of the final profit, by subscription, and by outright purchase of an account or malware. Sellers can also offer to publish the app for the buyer so they don’t have to interact directly with Google Play.
To protect devices from mobile threats, Kaspersky Lab experts recommend that users: pay attention to the permissions they grant to an installed application and whether it needs them to work correctly; use a reliable security solution; download applications from legitimate resources, since this significantly reduces the risk of encountering cyber threats compared to unofficial sites; and regularly update the operating system and installed applications, because developers ship patches for vulnerabilities and errors with these updates.
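The update-time permission requests described above can be checked mechanically by comparing what two versions of the same app ask for. The following is an added example, not code from Kaspersky or from the original article; it assumes both manifests are already decoded to text XML, and the sample app, the `SENSITIVE` subset and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions worth a manual look when they first appear in an update
# (illustrative subset chosen for this example, not an official list).
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

def permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                found.add(name.strip())
    return found

def permission_drift(old_xml, new_xml):
    """Compare two versions of one app and report what the update adds."""
    old, new = permissions(old_xml), permissions(new_xml)
    added = sorted(new - old)
    return {
        "added": added,
        "removed": sorted(old - new),
        "sensitive_added": [p for p in added if p in SENSITIVE],
    }

# Constructed sample manifests for a hypothetical QR scanner app.
MANIFEST_T = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
              'package="com.example.qrscan">{}</manifest>')

def _manifest(*perms):
    tag = '<uses-permission android:name="android.permission.{}"/>'
    return MANIFEST_T.format("".join(tag.format(p) for p in perms))

V1 = _manifest("CAMERA", "INTERNET")
V2 = _manifest("CAMERA", "INTERNET", "VIBRATE", "READ_SMS",
               "READ_EXTERNAL_STORAGE", "REQUEST_INSTALL_PACKAGES")

if __name__ == "__main__":
    for kind, names in permission_drift(V1, V2).items():
        print(kind, names)
```

A non-empty `sensitive_added` list for an app whose function has not changed is the signal to review the update before it is approved for managed devices.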