Dovetailing with the ever-escalating glut of Android-based mobile malware, it turns out that a black market for Android developer accounts has sprung up. Google Play accounts are apparently going for $100 a pop in the cyber-underground.
Independent security guru
Brian Krebs said that he stumbled upon an Android malware developer on a semi-private Underweb forum, “who was actively buying up verified developer accounts at Google Play for $100 apiece.” By verified, that means that the account has been verified by Google as legitimate and tied to a specific domain. Google charges $25 for Android developers to get started selling through the Google Play marketplace, offering a margin opportunity for the less scrupulous among them to sell of their credentials.
But malware authors can parlay their $75 investment into something much bigger.
“Unsurprisingly, this particular entrepreneur also sells an Android SMS malware package that targets customers of Citibank, HSBC and ING, as well as 66 other financial institutions in Australia, France, India, Italy, Germany, New Zealand, Singapore, Spain, Switzerland and Turkey,” Krebs noted. “The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones.”
Dubbed Perkele, that particular malware costs $1,000 for a single-use application that targets one specific financial institution. Also, a universal kit goes for $15,000, “which appears to be an SMS malware builder that allows an unlimited number of builds targeting all supported banks,” Krebs said.
Read more:
http://www.infosecurity-magazine.co...-paying-100-apiece-for-google-play-accounts-/
