It just so happens that the one-year anniversary mark for Google Play, the go-to place for Android apps, ushers in a new botkit malware at the hand of verified Google Play 'fake' accounts used to trick users into downloading fake banking programs.
The new malware was first noticed by Brian Krebs, author of the KrebsonSecurity.com blog, where he spotted a developer purchasing verified Google Play accounts for a sum of $100 each on an underground forum.
We have recently identified cases where malware peddlers are selling off malware kits and hacker-tools, sometimes for reduced prices, to those willing to take a bold leap into the world of cybercrime. The developers selling off the botkits, as Krebs noted, are also sending Android SMS malware kits around the globe to target a small amount of banking customers. The method for spreading is of course encased in fake Google Play Accounts, ones created as part of a faux Android Market touting new Apps.
Fortunately some banks, such as ING, Citibank and HSBC, are virtually immune to the malware due to their ability to intercept multi-factor authentication messages. The botkit, known as Perkele, meaning 'devil', works together with other malware on PCs to trick banking customers into thinking they are required to install some type of special security certificate on the phone. The scheme is rather clever where it will continue to install the 'recommended app', which is a fake program that sends SMS messages back to the malware kit's originator.
This whole process, specifically designed to attack one bank, can be placed in the hand of a willing hacker for a cool $1,000. However, what is touted as a 'universal kit', one that may exploit several banking institutions, sells for $15,000. Never mind the price, just the idea of these kits being easily obtainable is the scary thought that could give banking consumers nightmares.
One aspect of the platform used to 'market' these malware kits is a site formally known as the Android Market and has since rebranding as Google Play. Those looking for these crafty kits know exactly where to go to while Google's anti-malware scanning system Bouncer hasn't put a stop to these malicious apps and premium-cost SMS malware kits. For now, all Google has done is launched a private channel for their app stores.