Android Malware Seeds for Sale

By Pierluigi Paganini, Editor-in-Chief

One of the leading computer security companies of Russia, Group-IB and  its CERT (CERT-GIB), found that Android malware is available for sale by cyber criminals. With explosion of mobile market and increase of Android users, more devices can be infected by malware downloaded through Android Market or Google Play or from 3d party WEB-sites.

“Nowadays it is possible to buy Android phishing malware for 4 000 USD with source codes, which is amazing opportunity for cybercriminals to move beyond PC’s in their attempt to hack bank accounts” – said Dan Clements, Group-IB US Managing Partner.

Two models of mobile malware seem prevalent in the underground

  • Phishing malware (used for phishing the user by SMS).
  • Cyber espionage malware (recording calls, blocking calls, intercepting SMS, blocking SMS), usually used for online-banking theft as well.

andriod pic

Many banks in some countries don’t provide an opportunity of sending funds through online-banking service to other countries or financial institute, that’s why cybercriminals are interested in attacking traditional PCs in classical way through exploits and banking trojans, and use mobile malware as a supportive mean of theft.

The malware is targeted on European Union countries, Middle East and Asia countries, excluding Russia and Ukraine, but can be efficiently modified and exploited on wide ranges of the countries including US and Canada.

Many of these cyber gangs share revenue of approximately 30% from these ill-gotten gains. To carry out their deeds they also use very big mobile botnets or tones of mobile traffic.

Pic.2 – phishing mobile malware has become more popular because of its ease of entry into the market for any medium-level criminal. It costs near 1 000 USD on the black market, with the services included for its configuration and support (prefixes, mobile number configuration, SMS billing, timing for SMS sending)


“Good day for all,

I sell Android bot, it sends SMS on “pay-numbers” (without customers notification). You place there prefix, mobile number, timing for sending SMS, I will help with billing, which will accept such kind of traffic.

What are benefits: it is stable profit, all you need is to develop your mobile botnet, it depends on you.

I provide source codes as well, possibly someone will improve the bot in future. Will help you with all possible questions, explain how it works.

Use ICQ for the contact. I am always online.”

Cybercrime methods are becoming increasingly complex, and as already happened for desktop environments also mobile market is increasing in concerning way. It’s fundamental to monitor black market and detect instance of its products spread in the wild … Group-IB has provided me evidence of their excellent work in the monitoring and detection of incoming cyber threats.

(Sources : CDM & Group-IB)

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.