A new obfuscation-as-a-service platform detailed by researchers today during the Botconf 2020 virtual conference offers yet another proof point of how robust the cybercriminal economy is at filling market needs for black hats. In this case, enterprising hackers developed a fully automated service platform for protecting mobile malware Android Packet Kits (APKs) from antivirus detection. Offered on a one-off basis or for a recurring monthly subscription, the service was available to mobile malware authors both in English and Russian for at least six months of 2020, potentially longer.
The service was found and examined by a collaborative team from three organizations: Masarah Paquet-Clouston from GoSecure, Vit Sembera from Trend Micro, and Maria Jose Erquiaga and Sebastian Garcia from the Stratosphere Laboratory. They initially got wind of the service — which they’ve chosen not to name to avoid tipping off the service operators — when they were analyzing activity surrounding the spread of the Geost Android banking Trojan botnet. They uncovered leaked chat logs between Geost botnet operators referring to an obfuscation service and started poking around to discover what was being discussed.