• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

 | 

Experts uncover critical flaws in Kigen eSIM technology affecting billions

 | 

Spain awarded €12.3 million in contracts to Huawei

 | 

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Malware
  • Security
  • Android Malware Seeds for Sale

Android Malware Seeds for Sale

Pierluigi Paganini March 15, 2013

One of the leading computer security companies of Russia, Group-IB and its CERT (CERT-GIB), found that Android malware is available for sale by cybercriminals. With explosion of mobile market and increase of Android users, more devices can be infected by malware downloaded through Android Market or Google Play or from 3d party WEB-sites.

“Nowadays it is possible to buy Android phishing malware for 4 000 USD with source codes, which is amazing opportunity for cybercriminals to move beyond PC’s in their attempt to hack bank accounts” – said Dan Clements, Group-IB US Managing Partner.

Two models of mobile malware seem prevalent in the underground

  • phishing malware (used for phishing the user by SMS).
  • cyber espionage malware (recording calls, blocking calls, intercepting SMS, blocking SMS), usually used for online-banking theft as well.

 

MobileUndergroundMarket

Pic.1

Pic.1 – SMS/Calls mobile interception malware for Android, with opportunities of blocking of SMS and calls from the targeted numbers, such as banks call-centers or fraud detection departments.

Translation:

“Here is the brief description:
– SMS interception by filter (number of the sender or the segment of the text message);
– Blocking all SMS or by filter;
– Calls redirect;
– “Clever” self removal from the mobile;
– Malware can be designed as legitimate application with payload;
– 3 languages for the application (localization);
– hidden functional can be turned on/off by SMS command.
 The source codes are provided with the description, as well as with the links on SMS-services for sending and receiving the messages, my references. Work near 3 years with this mobile malware, have good experience.
The price is 4 000 USD
Contact: through PM.”    

Today’s modern cyber criminals don’t block all SMS, and don’t block targeted number from the bank, they use signature detection method of the banking customers notification messages by several criteria such as the bank’s brand name, it’s notifications templates, and many other things, which help them to block and intercept all the messages from the bank including OTP tokens needed for banking transfer validation on the customer’s side.

PhishingMobileMalware

Pic.2

Many banks in some countries don’t provide an opportunity of sending funds through online-banking service to other countries or financial institute, that’s why cybercriminals are interested in attacking traditional PCs in classical way through exploits and banking trojans, and use mobile malware as a supportive mean of theft.

The malware is targeted on European Union countries, Middle East and Asia countries, excluding Russia and Ukraine, but can be efficiently modified and exploited on wide ranges of the countries including US and Canada.

Many of these cyber gangs share revenue of approximately 30% from these ill-gotten gains. To carry out their deeds they also use very big mobile botnets or tones of mobile traffic.

Pic.2 – phishing mobile malware has become more popular because of its ease of entry into the market for any medium-level criminal. It costs near 1 000 USD on the black market, with the services included for its configuration and support (prefixes, mobile number configuration, SMS billing, timing for SMS sending)

Translation:

“Good day for all,
I sell Android bot, it sends SMS on “pay-numbers” (without customers notification). You place there prefix, mobile number, timing for sending SMS, I will help with billing, which will accept such kind of traffic.
What are benefits: it is stable profit, all you need is to develop your mobile botnet, it depends on you.
I provide source codes as well, possibly someone will improve the bot in future. Will help you with all possible questions, explain how it works.
Use ICQ for the contact. I am always online.”
 

Cybercrime methods are becoming increasingly complex, and as already happened for desktop environments also mobile market is increasing in concerning way. It’s fundamental to monitor black market and detect instance of its products spread in the wild … Group-IB has provided me evidence of their excellent work in the monitoring and detection of incoming cyber threats.

Thanks

Pierluigi

(Security Affairs – Malware) 
 

facebook linkedin twitter

Android Botnets cyber espionage Cybercrime Group-IB malware phishing

you might also like

Pierluigi Paganini July 14, 2025
Interlock ransomware group deploys new PHP-based RAT via FileFix
Read more
Pierluigi Paganini July 14, 2025
Global Louis Vuitton data breach impacts UK, South Korea, and Turkey
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Interlock ransomware group deploys new PHP-based RAT via FileFix

    Cyber Crime / July 14, 2025

    Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

    Data Breach / July 14, 2025

    Experts uncover critical flaws in Kigen eSIM technology affecting billions

    Security / July 14, 2025

    Spain awarded €12.3 million in contracts to Huawei

    Intelligence / July 14, 2025

    Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

    Security / July 13, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT