Malware developers targeting Googleâ€™s Android platform are reportedly seeking new ways to establish trustworthy delivery channels for their creations. Cyber-criminals are listening to the old business adage that â€œone has to spend money to make money.â€
According to a report by tech journalist Brian Krebs, an Android virus writer is offering as much as $100 for a verified developer account tied to a dedicated server. The report also mentions that the same buyer is providing a do-it-yourself Android malware creation toolkit dubbed Perkele used to intercept incoming SMS messages from banks.
Web-injector malware working in tandem with mobile banking malware for the interception of mTANs (Mobile Transaction authentication number) is nothing new – itâ€™s an approach that Zeus (and ZitMo) has been using for quite a while. However, if these threats turn up on Google Play â€“ or worse, in applications that have already built a reputation among its users, their rate of success will dramatically increase.
Mobile malware is not only aggressive adware: it is becoming more and more focused on reaching your pockets, either via premium-rate SMS scams or direct e-banking fraud. The emergence of malware automation toolkits for Android will lend a helping hand not only to long-time cyber-crooks, but also to newcomers who donâ€™t have enough programming skills to develop their own malicious code.