Security News > 2023 > April > Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security
"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.
Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store.
As another option, threat actors can purchase a Google Play developer account - either hacked or newly created by the sellers - for anywhere between $60 and $200, depending on the number of already published apps and download counts.
Binding services, as opposed to loaders, cost less owing to the fact that the poisoned apps are not available via the Google Play Store.
Attackers can buy installs for their Android apps through Google Ads for $0.5 on average.
To mitigate risks posed by Android malware, users are recommended to refrain from installing apps from unknown sources, scrutinize app permissions, and keep their devices up-to-date.
News URL
https://thehackernews.com/2023/04/cybercriminals-turn-to-android-loaders.html
Related news
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (source)
- Apps secretly turning devices into proxy network nodes removed from Google Play (source)
- Drozer: Open-source Android security assessment framework (source)
- Ransomware as a Service and the Strange Economics of the Dark Web (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google rolls out new Find My Device network to Android devices (source)