While analyzing offers of malicious apps on Google Play for sale on the Darknet, experts have discovered that malicious mobile apps and store developer accounts are being sold for up to $20,000, a new report showed on Tuesday.

Every year a wide range of malicious apps are deleted on Google Play only after victims have been infected. Cybercriminals gather on the Darknet — to buy and sell Google Play malicious apps, and additionally functions to upgrade and even advertise their creations, according to the cybersecurity firm Kaspersky.

“On Darknet, we found messages from cybercriminals complaining how it is now much harder for them to upload their malicious apps to official stores. However, this also means that they will now come up with much more sophisticated circumvention schemes, so users should stay alert and carefully check which apps they are downloading,” said Alisa Kulishenko, a security expert at Kaspersky.

Buy Me A Coffee

Moreover, the report mentioned, there are various Darknet offers for different needs and customers with different budgets, just like there are legitimate forums for selling goods.

Cybercriminals require a Google Play account and a malicious downloader code (Google Play Loader) to publish a malicious app, while a developer account can be purchased for as little as $200 and sometimes as little as $60.

Malicious loaders range in price from $2,000 to $20,000, depending on the complexity of the malware, the novelty and prevalence of malicious code, and the additional functions.

Global Investigation Shuts Down Major Phishing-as-a-Service Platform, LabHost

Most often, the malware being distributed is suggested to be hidden under cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps.

The report further said that for an additional fee, cybercriminals can obfuscate the application code, making it more difficult to detect by cybersecurity solutions.

Many attackers offer to buy installs to increase the number of downloads of a malicious app, directing traffic through Google ads and attracting more users to download the app.

Further, the report showed that Darknet sellers can also offer to publish the malicious app for the buyer so they do not directly interact with Google Play, but can still remotely receive all of the victims’ detected data.