Cybercriminals are finding ways around the official Google Play app store’s security, developing tools for trojanizing existing Android applications and selling their malicious wares for up to $20,000 apiece on cybercrime markets.
In an April 10 blog post, researchers from Kaspersky published the results of a broad study of nine of the most popular Dark Web forums. Tracking activity from 2019 to 2023, they found a thriving marketplace of buyers and sellers trading access to app developer accounts, botnets, and malicious Android applications, sometimes for thousands of dollars at a time.
In some cases, particularly useful wares, such as source code that lets a buyer burrow into an existing cryptocurrency or dating app on Google Play, are going for multiple thousands of dollars.
“It’s an infinite cat and mouse game,” Kaspersky researcher Georgy Kucherin says of Google’s app security. “The attackers find a way to bypass security scanners. Then the people developing the security scanners deploy patches to ensure that doesn’t happen again. Then the attackers find new flaws. And it goes on and on.”
A Google spokesperson tells Dark Reading, “Google Play has policies in place to keep users safe that all apps must adhere to. All Android apps undergo security testing before appearing in Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Users are also protected by Google Play Protect, which can warn users or block identified malicious apps on Android devices.”
The Marketplace for Google Play Hacks
Any software uploaded to Apple’s or Google’s app stores is subject to rigorous vetting.
“But just like any security solution that exists in the world, it’s not 100% effective,” according to the Kaspersky researchers. “Every scanner contains flaws that