UPDATED 09:00 EDT / JULY 24 2025

SECURITY

Malware-as-a-service turns Android hacking into a plug-and-play business

A new report out today from mobile security firm iVerify Inc. sheds light on the alarming ease with which cybercriminals can now rent advanced Android malware through subscription-based malware-as-a-service platforms.

The report, “Renting Android Malware Is Getting Easier – and Cheaper,” written by iVerify research fellow Daniel Kelley, explores how services are slashing the technical barrier to entry, allowing virtually anyone with a Telegram account and a few hundred dollars to launch sophisticated attacks.

According to the report, MaaS platforms now offer full-featured malware kits for as little as $300 per month. One such tool, called PhantomOS, includes capabilities such as remote silent app installs, interception of one-time passcodes for two-factor authentication, cloaking to avoid detection and phishing overlays that mimic banking and payment app login screens. Customers are given backend infrastructure, support channels via Telegram and even malware customization options to allow attackers to target specific institutions such as Coinbase Inc. or HSBC Holdings plc without writing any code.

Another tool covered in the report, called Nebula, is described as a lower-cost MaaS alternative focused on stealth and automation. Nebula quietly collects call logs, texts, contacts and GPS data before forwarding the information to the attacker.

Both highlighted MaaS services are regularly updated to stay compatible with new Android versions and include built-in mechanisms to bypass Google Play Protect and other antivirus tools.

Beyond the malware itself, the report notes that the platforms offer distribution tools and “install markets,” where attackers can buy access to already infected devices. Exploit kits, such as one targeting Android Debug Bridge misconfigurations, can scan for vulnerable devices and deploy malware at scale.

For those less inclined to handle infection directly, bulk access to compromised Android phones is available for purchase, with pricing based on geography. A complete botnet operation can be rented, including malware payloads, mass device access and management tools like the Hydra Android botnet, which offers ransomware, keylogging, SMS hijacking and full remote access for about $3,500.

Kelley warns in the report that the commoditization of Android malware significantly lowers the barrier to entry for cybercrime. Organizations are urged to remain vigilant by using behavioral monitoring and diagnostic analysis to detect infections early.
