Security News > 2023 > April > Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security
"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.
Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store.
As another option, threat actors can purchase a Google Play developer account - either hacked or newly created by the sellers - for anywhere between $60 and $200, depending on the number of already published apps and download counts.
Binding services, as opposed to loaders, cost less owing to the fact that the poisoned apps are not available via the Google Play Store.
Attackers can buy installs for their Android apps through Google Ads for $0.5 on average.
To mitigate risks posed by Android malware, users are recommended to refrain from installing apps from unknown sources, scrutinize app permissions, and keep their devices up-to-date.
News URL
https://thehackernews.com/2023/04/cybercriminals-turn-to-android-loaders.html
Related news
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Why The Modern Google Workspace Needs Unified Security (source)
- Google paid $12 million in bug bounties last year to security researchers (source)