Called obfuscation-as-a-service, the service shows how “robust the cybercriminal economy is,” as pointed out by DarkReading contributing author Ericka Chickowski.
New obfuscation-as-a-service platform found by researchers
Cybersecurity researchers detailed this obfuscation-as-a-service platform during the Botconf 2020 virtual conference. Hackers succeeded in developing a fully automated service platform that protects mobile malware Android Package Kits (APKs) from AV detection. The service is sold as a one-off payment or a recurring monthly subscription. It is available in English and Russian, and has been operating for at least six months this year, possibly longer.
The discovery of the service is a collaborative effort of several researchers from three companies: Masarah Paquet-Clouston (GoSecure), Vit Sembera (Trend Micro), and Maria Jose Erquiaga and Sebastian Garcia (Stratosphere Laboratory). The researchers decided not to reveal the exact name of the service so that its creators remain unaware of their findings. The team came across the malicious platform while analyzing the Geost Android banking Trojan. During their work, the team uncovered “leaked chat logs between Geost botnet operators referring to an obfuscation service and started poking around to discover what was being discussed,” Chickowski reported.
What does the service offer?
The platform charges $20 per APK and $100 for 10 APKs. There’s also 30-day unlimited access for the price of $850. The research revealed more than 3,000 APK files obfuscated by the platform that were submitted to VirusTotal in 2020. This is not the only such platform: the analysis uncovered several competitors in the underground market. However, this particular one is unique compared to the others.
How effective is the service at evading AV detection? Its quality can be rated as “medium”. The chances of detection are higher in less malicious apps, the researchers said in their presentation. This means that the service’s customers are authors of highly malicious applications, where the offered obfuscation is most effective.