March 8, 2013
“I recently encountered an Android malware developer on a semi-private Underweb forum who was actively buying up verified developer accounts at Google Play for $100 apiece,” said security blogger Brian Krebs in a blog post.
“Google charges just $25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain. The buyer in this case is offering $100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server.”
Krebs said the same cyber-criminal is also selling an Android mobile malware creation toolkit, dubbed Perkele (a Finnish word for devil or damn), aimed at Citibank, HSBC and ING customers as well as customers of banks in a number of other countries.
Perkele works by intercepting SMS messages sent from banks to Android phones infected with the malware. It works in tandem with compromised desktop or laptop computers. When a customer visits his banking site from his computer, he is asked to install a special security certificate on his phone. The victim is then asked to enter his mobile number, after which he will receive links to a site hosting mobile malware disguised as security apps available for download on Android devices.
Scam artists can purchase the Perkele kit from this Android malware developer for $1,000 or $15,000. The $1,000 kit targets one specific bank while the more expensive kit “appears to be an SMS malware builder that allows an unlimited number of builds targeting all supported banks,” Krebs said.
While such malware is not especially sophisticated, Krebs said, it is still pretty effective.
“Fortunately, a modicum of common sense and impulse control can keep most Android users out of trouble,” he said. “Take a moment to read and comprehend an app’s permissions before you install it. Also, make sure you download apps that are scanned through Bouncer (Google’s internal malware scanner).”