Cybercriminals can pay $20k to spread malware on the Google Play store
Loader apps hiding in the Play Store can cost up to $20k
Hackers are paying up to $20,000 to get malicious apps into Google’s Play Store, researchers have found.
Getting malware into the Google Play Store is something of a jackpot for cybercriminals. The app repository enjoys a high level of trust among Android users, and most of the time, they’re happy to download apps found there without second-guessing their intentions.
To maintain its high level of trust, Google takes a number of precautions, including pre-screening apps to make sure they’re legitimate, and removing malicious ones as soon as they’re discovered.
Installing malware via updates
That’s why hackers who’ve found a way to sneak malicious apps into the repository are happy to sell that backdoor - for as much as $20,000. This is according to cybersecurity researchers from Kaspersky, as The Register reports.
The cybersecurity firm studied nine dark-web marketplaces between 2019 and 2023 and found a working, but expensive, method of getting malware to the Play Store on offer.
It’s called a “loader” - a mobile app that looks legitimate, but will at some point try to install an “update” that is malicious. The app might even work as advertised in the beginning, until at some point it stops functioning until it’s updated, or otherwise forces the victim to update another way.
These loaders can be purchased on the dark web for between $2,000 and $20,000. The price depends on the features the loader has. A user-friendly UI design, a convenient control panel, a victim country filter, support for newer versions of Android, and similar features all dictate the price, Kaspersky says.
“Cybercriminals may also supplement the trojanized app with functionality for detecting a debugger or sandbox environment,” the researchers added. “If a suspicious environment is detected, the loader may stop its operations, or notify the cybercriminal that it has likely been discovered by security investigators.”
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.