An Android Trojan program called Perkele that's designed to be used in conjunction with Windows online banking malware like Zeus to bypass SMS-based two-factor authentication schemes, is another example of an Android malware being offered as a service on the underground market.
Android Trojan apps like Perkele have been used as part of online banking fraud attacks in the past, but they have been generally available only to more sophisticated cyber criminal gangs. However, the creator of Perkele started selling his creation to smaller and less resourceful fraudsters for affordable prices.
"This signals the shift to malware as a service -- Zeus-in-the-mobile (Zitmo) for the masses," the F-Secure researchers said in the report. "Now anybody running a Zeus botnet can find affordable options for Zitmo."
"In a way, Android is experiencing the same fate as Windows where its huge market share works in both good and bad ways," the F-Secure researchers said. "Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform and they are drawing inspiration from Windows malware's approaches, which is why we are now seeing trends such as commoditization of malware services, targeted attacks and 419 scams popping up in the mobile threat scene."