• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

 | 

CISA released Thorium platform to support malware and forensic analysis

 | 

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

 | 

Dahua Camera flaws allow remote hacking. Update firmware now

 | 

Researchers released a decryptor for the FunkSec ransomware

 | 

Apple fixed a zero-day exploited in attacks against Google Chrome users

 | 

PyPI maintainers alert users to email verification phishing attack

 | 

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

 | 

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

 | 

Orange reports major cyberattack, warns of service disruptions

 | 

Hackers leak images and comments from women dating safety app Tea

 | 

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Malware
  • Security
  • Android Malware Seeds for Sale

Android Malware Seeds for Sale

Pierluigi Paganini March 15, 2013

One of the leading computer security companies of Russia, Group-IB and its CERT (CERT-GIB), found that Android malware is available for sale by cybercriminals. With explosion of mobile market and increase of Android users, more devices can be infected by malware downloaded through Android Market or Google Play or from 3d party WEB-sites.

“Nowadays it is possible to buy Android phishing malware for 4 000 USD with source codes, which is amazing opportunity for cybercriminals to move beyond PC’s in their attempt to hack bank accounts” – said Dan Clements, Group-IB US Managing Partner.

Two models of mobile malware seem prevalent in the underground

  • phishing malware (used for phishing the user by SMS).
  • cyber espionage malware (recording calls, blocking calls, intercepting SMS, blocking SMS), usually used for online-banking theft as well.

 

MobileUndergroundMarket

Pic.1

Pic.1 – SMS/Calls mobile interception malware for Android, with opportunities of blocking of SMS and calls from the targeted numbers, such as banks call-centers or fraud detection departments.

Translation:

“Here is the brief description:
– SMS interception by filter (number of the sender or the segment of the text message);
– Blocking all SMS or by filter;
– Calls redirect;
– “Clever” self removal from the mobile;
– Malware can be designed as legitimate application with payload;
– 3 languages for the application (localization);
– hidden functional can be turned on/off by SMS command.
 The source codes are provided with the description, as well as with the links on SMS-services for sending and receiving the messages, my references. Work near 3 years with this mobile malware, have good experience.
The price is 4 000 USD
Contact: through PM.”    

Today’s modern cyber criminals don’t block all SMS, and don’t block targeted number from the bank, they use signature detection method of the banking customers notification messages by several criteria such as the bank’s brand name, it’s notifications templates, and many other things, which help them to block and intercept all the messages from the bank including OTP tokens needed for banking transfer validation on the customer’s side.

PhishingMobileMalware

Pic.2

Many banks in some countries don’t provide an opportunity of sending funds through online-banking service to other countries or financial institute, that’s why cybercriminals are interested in attacking traditional PCs in classical way through exploits and banking trojans, and use mobile malware as a supportive mean of theft.

The malware is targeted on European Union countries, Middle East and Asia countries, excluding Russia and Ukraine, but can be efficiently modified and exploited on wide ranges of the countries including US and Canada.

Many of these cyber gangs share revenue of approximately 30% from these ill-gotten gains. To carry out their deeds they also use very big mobile botnets or tones of mobile traffic.

Pic.2 – phishing mobile malware has become more popular because of its ease of entry into the market for any medium-level criminal. It costs near 1 000 USD on the black market, with the services included for its configuration and support (prefixes, mobile number configuration, SMS billing, timing for SMS sending)

Translation:

“Good day for all,
I sell Android bot, it sends SMS on “pay-numbers” (without customers notification). You place there prefix, mobile number, timing for sending SMS, I will help with billing, which will accept such kind of traffic.
What are benefits: it is stable profit, all you need is to develop your mobile botnet, it depends on you.
I provide source codes as well, possibly someone will improve the bot in future. Will help you with all possible questions, explain how it works.
Use ICQ for the contact. I am always online.”
 

Cybercrime methods are becoming increasingly complex, and as already happened for desktop environments also mobile market is increasing in concerning way. It’s fundamental to monitor black market and detect instance of its products spread in the wild … Group-IB has provided me evidence of their excellent work in the monitoring and detection of incoming cyber threats.

Thanks

Pierluigi

(Security Affairs – Malware) 
 

facebook linkedin twitter

Android Botnets cyber espionage Cybercrime Group-IB malware phishing

you might also like

Pierluigi Paganini August 01, 2025
ToolShell under siege: Check Point analyzes Chinese APT Storm-2603
Read more
Pierluigi Paganini August 01, 2025
CISA released Thorium platform to support malware and forensic analysis
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

    APT / August 01, 2025

    CISA released Thorium platform to support malware and forensic analysis

    Cyber Crime / August 01, 2025

    Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

    APT / July 31, 2025

    Dahua Camera flaws allow remote hacking. Update firmware now

    Hacking / July 31, 2025

    Researchers released a decryptor for the FunkSec ransomware

    Malware / July 31, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT