On the one-year anniversary of Google Play comes news of a new botkit making the rounds that uses actual verified accounts from that marketplace to trick users into downloading phony banking applications.
Brian Krebs, who goes into further detail about the malware in a post on his blog KrebsonSecurity.com earlier today, first heard of the scam after spotting a developer purchasing verified Google Play accounts for $100 each on an underground forum.
Krebs noticed the same developer was also selling Android SMS malware packages that target a handful of banking customers across the globe. Banks like HSBC, ING and Citibank are all covered by the malware, which can intercept multi-factor authentication messages from these banks.
The botkit, Perkele, Finnish for “devil,” works in tandem with another form of PC malware that tricks bank customers into thinking they need to install a special security certificate on the phone. Once the victim goes ahead and installs the recommended – yet fake – mobile app and enters a special supplied code, the phone “sends an SMS back to the malware kit’s license holder.”
According to Krebs, one type of the malware that targets one bank is selling for $1,000 while a “universal kit” sells for $15,000.
The site formerly known as the Android Market has gotten a lot of flak in the year since rebranding as Google Play. Attackers have flocked to the marketplace as dubious-looking, fake antivirus applications have begun popping up here and there. In the past year the company’s anti-malware scanning system Bouncer hasn’t exactly stopped malicious apps and premium-rate SMS malware dead in their tracks. Google recently launched its latest measure, a private channel for its app store, in hopes of keeping malicious applications from making their way onto the phones of organizations’ employees.
For more on Perkele, head to KrebsonSecurity.com.