Study: Criminals smuggle Trojan apps worth $2,000+ into Google Play

On the dark web, cyber criminals offer their services for a fee. In a recent study on Android malware, security researchers from Kaspersky evaluated the offers and their prices on the online black market. Besides publishing trojan apps in the official app store Google Play, the criminals even offer advertisements placed on Google to make victims aware of the malicious apps and install them.

Unwanted apps in Google Play

According to a report investigating the underground forums, prices for publishing Trojan apps on Google Play range from $2,000 to $20,000. The source code of such “loaders” is the most expensive at 20,000 US dollars. Trojan apps appearing on Google Play is a regular occurrence.

One scam used by criminals is that they upload legitimate-looking apps with real functionality from the relevant area under the guise of dating, cryptocurrency and QR code apps, security researchers say.

In order not to trigger protective measures from Google Play, this usually happens without malicious functions. These are often submitted later as an update, so that users of the app are subsequently given the Trojan code. The researchers do not explain in detail how this is done and why no security mechanisms of the App Store kick in in this case. Distribution through third-party app stores costs between $50 and $100.

There are also offers to access compromised devices starting at $300. Modules for recording access data entered by victims on websites cost between 25 and 80 US dollars.

The payment

According to the report, the sellers rely on three payment models: They collect a certain percentage of the booty generated by the Trojan app. A subscription model ensures steady income or they require a one-off payment.

Google advertising for the malware is said to be the most expensive in Australia and the US at $1. The communication between sellers and buyers should primarily take place directly in the forums or via messengers such as Telegram.

(of the)