Respected security blogger Brian Krebs reports that an “explosion in Android malware” is being fueled by a growing market for hijacked or rogue developer accounts on Google Play, Google’s official Android app store.
While hugely popular, the open source nature of the Android platform has long been a cause of concern for security professionals. Industry watchers have hinted that Google itself is starting to put tighter developer controls around Android, development for which has become fractured. It may look to introduce locked down Android hardware of its own, like Apple and Microsoft, and continue to develop the fully closed Chrome platform.
Krebs claims that an Android malware developer active on a popular underground forum was seeking to buy verified developer accounts at Google Play for $100 apiece. According to Krebs: “Google charges just $25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain. The buyer in this case is offering $100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server.”
Krebs goes on to report that the same malware developer also sells an Android SMS malware package that targets customers of CitiBank, as well as 66 other financial institutions around the world. The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones.