{"id":109452,"date":"2023-04-10T08:00:02","date_gmt":"2023-04-10T08:00:02","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=109452"},"modified":"2023-04-13T12:29:30","modified_gmt":"2023-04-13T12:29:30","slug":"google-play-threats-on-the-dark-web","status":"publish","type":"post","link":"https:\/\/securelist.com\/google-play-threats-on-the-dark-web\/109452\/","title":{"rendered":"Overview of Google Play threats sold on the dark web"},"content":{"rendered":"

<p>In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to official stores, such as Google Play. These are usually policed vigorously, and apps are pre-moderated before being published; however, the authors of malicious and unwanted software employ a variety of tricks to bypass platform checks. For instance, they may upload a benign application, then update it with malicious or dubious code, infecting both new users and those who have already installed the app. Malicious apps get removed from Google Play as soon as they are found, but sometimes only after having been downloaded a number of times.<\/p>\n

<p>With many examples of malicious and unwanted apps on Google Play being discovered after complaints from users, we decided to take a look at what the supply and demand of such malware on the dark web looks like. It is especially important to analyze how this threat originates, because many cybercriminals work in teams, buying and selling Google Play accounts, malware, advertising services, and more. It’s a whole underground world with its own rules, market prices, and reputational institutions, an overview of which we present in this report.<\/p>\n

<h2>Methodology<\/h2>\n

<p>Using Kaspersky Digital Footprint Intelligence, we were able to collect examples of offers of Google Play threats for sale. Kaspersky Digital Footprint Intelligence allows discreet monitoring of pastebin sites and restricted underground online forums to discover compromised accounts and information leakages. The offers presented in this report were published between 2019 and 2023 and were collected from the nine most popular forums for the purchase and sale of goods and services related to malware and unwanted software.<\/p>\n

<h2>Key findings<\/h2>\n