Malware makers paying US$100 for Google Play accounts
Google may have to further tighten their app review mechanism for Android, as developers of malware targeting the search giant's mobile device platform are reportedly paying US$100 to buy Google Play accounts.
In a blog post, tech journalist Brian Krebs said getting a developer account at Google Play may allow malware makers to disguise their products as legitimate apps.
"I recently encountered an Android malware developer on a semi-private Underweb forum who was actively buying up verified developer accounts at Google Play for $100 apiece. Google charges just US$25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain," Krebs said.
He said the buyer he encountered was offering $100 for sellers "willing to part with an active, verified Play account that is tied to a dedicated server."
The buyer was supposedly selling an Android SMS malware package targeting customers of Citibank, HSBC and ING, and at least 66 other financial institutions worldwide.
Krebs said the bot kit, dubbed "Perkele," would intercept SMS messages sent by the banks as a form of multi-factor authentication.
"Customers can purchase a single-use application that targets one specific financial institution for US$1,000; the malware author also sells a “universal kit” for US$15,000, which appears to be an SMS malware builder that allows an unlimited number of builds targeting all supported banks," Krebs said.
In contrast, Krebs said Apple's iOS platform uses a “closed” iTunes store to keep out malicious apps.
For now, Krebs advised Android users to "make sure you download apps that are scanned through Bouncer (Google’s internal malware scanner)." He also advised them to research about the app's reputation.
A separate blog post on Hotforsecurity.com said the account-buying developer's "Perkele" malware works in tandem with mobile banking malware for the interception of mTANs (Mobile Transaction authentication numbers).
"However, if these threats turn up on Google Play – or worse, in applications that have already built a reputation among its users, their rate of success will dramatically increase," it said – KDM, GMA News