APWG Mobile Financial Fraud report & mobile black market

Pierluigi Paganini May 06, 2013

APWG has published an interesting study, the APWG Mobile Financial Fraud report, on the underground marketplace; it reveals the explosion of a prolific market for mobile fraud malware.

The APWG Mobile Financial Fraud report summarizes the Anti-Phishing Mobile Working Group's investigation into the expansion of the black market for mobile malicious code. The study is crucial to understanding the evolution of criminal activities and to putting in place the proper actions to mitigate the growing cyber threats that abuse mobile platforms.

The rapid diffusion of mobile devices has attracted the cybercrime industry, which is taking advantage of the sales of smart mobile phones and mobile devices.

In the next few years global mobile payments are predicted to exceed $1.3tn, and the number of mobile devices is surpassing the number of PCs; by 2015 it is estimated there will be more than 2 billion mobile devices. Criminal organizations are investing in mobile technologies to realize new fraud schemes.

Mobile devices are small devices equipped with all kinds of technology (GPS, accelerometers, gyroscopes, magnetometers, proximity sensors, microphones, cameras and radios such as cellular, Bluetooth, Wi‐Fi, RFID and NFC) that is used to interact with the user and the world around them.

Attackers can exploit vulnerabilities in these components for profit or cyber espionage purposes; as the APWG Mobile Financial Fraud report states, there are genuine concerns over privacy.

The APWG Mobile Financial Fraud report defines the existing malware markets and explains how cyber criminals operate. The principal products sold in the emerging underground mobile market are malware, pocket botnets and attack services designed to steal money from victims.

The APWG Mobile Financial Fraud report also notes great interest in, and a wide diffusion of, “track and trace” intrusion techniques used to spy on users’ device usage for intelligence purposes.

VirusTotal currently lists 5.6 million potentially malicious files reported for Android (APK, dyn‐calls, checks‐GPS, etc.), of which 1.3 million are confirmed malicious by 2 or more AV vendors.

[Figure: APWG Mobile Financial Fraud report, Global Mobile Threat]

The APWG Mobile Financial Fraud report lists the following principal vulnerabilities exploited on mobile devices:

  • Architecture
  • Infrastructure
  • Hardware vulnerabilities
  • Permission systems
  • Software vulnerabilities
  • Communication/delivery channels (Wi‐Fi, SMS, Bluetooth)
  • Near Field Communication
  • PtH (Passing the Hash)

Having identified the different components of the mobile architecture and the vulnerabilities that could affect them, the author of the APWG Mobile Financial Fraud report presents intriguing data on underground pricing for the offerings that exploit the identified flaws:

[Figure: APWG Mobile Financial Fraud report, underground pricing]

The mobile malware underground market appears very active; it continuously offers new products and customized development in response to customer demand.

The contributors of the APWG Mobile Financial Fraud report highlighted the capabilities of cybercriminals to manipulate the market and maximize the potential of advertising on underground forums and social networking sites.

The market offers not only malware; it also provides all the instruments for cyber espionage, using tools traditionally used for penetration testing and adapted for mobile devices.

Monetization is mainly realized by criminals through underground partnership programs, principally with SMS scams.

“Unsolicited SMS or calls to expensive numbers in different countries run up large bills to the credit of the billing provider. Some underground cybercrime services take advantage of mobile traffic using targeted attacks to download software which is charged on the basis of “Pay Per Install” (PPI).” the report states.

When we discuss malware and cyber attacks we cannot forget zero-day exploits. The APWG Mobile Financial Fraud report revealed that the 0-day underground market is rising too, with a varied and efficient offer, especially for Android.

The offer for zero-day exploits is usually verticalised on specific brands (e.g. Samsung, Huawei) “and handset models, which will then be “weaponized” and used massively to distribute mobile malware campaigns”.

As written in my previous article, mobile botnets are a serious threat because they are becoming increasingly sophisticated.

The architectures and monetization strategies of mobile botnets are similar to those of classical botnet malware for PCs. Botnets can be used to redirect mobile traffic to a malicious website for the purpose of monetization, or to conduct a DDoS attack, as in the case of the malware Android.DDoS.1.origin, detected on Android platforms.

[Figure: APWG Mobile Financial Fraud report, mobile botnet]

The APWG Mobile Financial Fraud report also revealed the diffusion in the mobile black market of dedicated tools that help the ‘would-be’ botmaster build a botnet; these kits allow unskilled criminals to easily manage a malicious architecture.

The statements that close the report are meaningful:

“The mobile malware market is already alive and thriving. Only an integrated, global response based on cooperation, education and awareness can limit its success.”

The report is a mine of interesting information. I publicly thank Jart Armin for the effort and the passion he spends in the fight against cybercrime.

A special thanks also to two other contributors with whom I’m in direct contact, Andrey Komarov and Raoul Chiesa.

Pierluigi Paganini

(Security Affairs – Cybercrime, mobile)

