Cybercriminals can pay $20k to spread malware on the Google Play store


Hackers are paying up to $20,000 to get malicious apps into Google's Play Store, researchers have found.

Getting malware into the Google Play Store is something of a jackpot for cybercriminals. The app repository enjoys a high level of trust among Android users, and most of the time, they’re happy to download apps found there without second-guessing the apps’ intentions.

To maintain its high level of trust, Google takes a number of precautions, including pre-screening apps to make sure they’re legitimate, and removing malicious ones as soon as they’re discovered.

Installing malware via updates

That’s why hackers who’ve found a way to sneak malicious apps into the repository are happy to sell that backdoor - for as much as $20,000. This is according to cybersecurity researchers from Kaspersky, as The Register reports.

The cybersecurity firm studied nine dark-web marketplaces between 2019 and 2023 and found on offer a working, but expensive, method of getting malware into the Play Store.

It’s called a “loader”: a mobile app that looks legitimate, but will at some point try to install a malicious “update”. The app might even work as advertised in the beginning, until it stops functioning unless it’s updated, or otherwise forces the victim to update another way.

These loaders can be purchased on the dark web for prices ranging from $2,000 to $20,000. The price depends on the features the loader has. A user-friendly UI design, a convenient control panel, a victim country filter, support for newer versions of Android, and similar features all dictate the price, Kaspersky says.

"Cybercriminals may also supplement the trojanized app with functionality for detecting a debugger or sandbox environment," the researchers added. "If a suspicious environment is detected, the loader may stop its operations, or notify the cybercriminal that it has likely been discovered by security investigators."

Sead Fadilpašić
