Kaspersky Reveals How Google Play's Dangerous App Sales Work On Darknet

Many malicious app sellers on Darknet are for distribution to Google Play (photo: Kaspersky)

JAKARTA - Kaspersky's analysis of offering malicious apps on Google Play for sale on Darknet, revealed that malicious mobile apps and store developer accounts (store developers) were sold for up to 20,000 US dollars (IDR 311 million).

Using Kaspersky Digital Footprint Intelligence, researchers highlight how threats sold on Darknet can appear on Google Play. Because according to them, even though it is closely monitored, moderator services can not always capture malicious applications before uploading them.

Every year, a large number of malicious apps are removed on Google Play only after the victim is infected. To publish this malicious app, cybercriminals usually require Google Play accounts and malicious download code (Google Play Loader).

The Kaspersky report also revealed the price range for price sharing accounts. Developer accounts can be purchased at a low price, for 200 US dollars (Rp3.1 million) and sometimes even only US$60 (Rp9.3 million).

The cost of malicious loading (loaders) ranges from $ 2,000 and $ 20,000 (Rp 31 to 311 million), depending on the complexity of malicious code malware, novelty and prevalence, as well as its additional functionality.

For the most part, distributed malware is recommended to hide behind crypto asset trackers, financial apps, QR code scanners, and even dating apps. For a small amount of added cost, cybercriminals can usually blur app codes to make it harder to detect by cybersecurity solutions.

In order to increase the number of downloads to malicious apps, many attackers also offer installation services - direct traffic through Google ads and attract more users to download apps.

The attacker offers three types of services: providing part of the final profit, rental, and full purchase both for accounts and threats. Some sellers even held auctions, as many of them limited the number of lots sold.

Darknet sellers can also provide offers such as publishing malicious apps for buyers so they don't directly interact with Google Play, but can still receive information on all victim data that is detected remotely.