Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware, a security researcher has found.
Brian Krebs said he discovered a malware writer buying verified developer accounts on Google Play for four times the standard US$25 charge for his "Perkele" Android SMS bot that targets banks and financial institutions in Australia, New Zealand and several other countries, attempting to bypass two-factor authentication.
Pointing to a report by security vendor Kaspersky, Krebs said that almost all mobile malware targets Android devices and that in comparison, Apple's iTunes store does a "stupendous job of keeping out malicious apps."
According to official Google figures, there are over 700,000 apps and games in the Play marketplace.
Krebs' sentiments are echoed by security vendor Avast! which notes that the year-on-year growth of malware on Android jumped 850 percent between 2012 and this year.
Another security vendor, Commtouch, picked up 178,000 Android malware samples in January, this year. Calling the figure "astonishingly high", Commtouch said this actually represents a 16 percent drop from last December, when it gathered over 214,000 unique samples.
Thanks to the hundreds of millions of Android devices sold and lack of security updates from phone vendors, the platform has become a popular target for malware developers who seek access to people's bank accounts, or seek to commit premium SMS and call fraud, as well as corporate espionage.