Pierluigi Paganini
March 06, 2014
Security firm Trend Micro issued an interesting report on Chinese cybercrime which is increasingly targeting mobile platforms thanks to a vast underground offer of services and tools.
Trend Micro Mobile Cybercriminal Underground Market report analyzes the monetization processes adopted by Chinese cybercriminals from illegal activities against mobile platforms.
The report designs a vast and sophisticated network of cybercriminals that are assaulting mobile devices.
“The barriers to launching cybercriminal operations are less in number than ever. Toolkits are becoming more available and cheaper; some are even offered free of charge.”
Chinese underground forums are extending their proposal exactly like Russian and Brazilian markets, it is not surprising in my opinion to see that a mobile crimeware kit can be sold for nearly 100 yuan ($16,400) and the selling of premium-rate phone numbers, which can be bought from 220,000 yuan (£21,400).
“But, as stated earlier, premium service abusers can also subscribe them to unwanted services. These malicious apps can reply via text message on users’ behalf then delete confirmation text messages, leaving no trace of what happened. As a result, users are charged subscription fees that end up in the hands of malicious app developers” states the report.
Spam is considered one of most profitable illegal activities also for mobile, let’s consider that 81% of Chinese internet users went online using their mobile phone in 2013 and that at the end of 2013 there were 500 million mobile internet users in China [China Internet Network Information Center (CNNIC)].
Mobile spammers use to send unsolicited bulk text messages (“SMS spam”) to victims’ handset to advertise products or services or to spread phishing URLs.
The devices used by cybercriminals to arrange spam campaigns are:
Another illegal practice described in the report refers the use of SMS forwarders, which are Android Trojans designed to steal authentication or verification codes sent via text messages.
“They monitor text messages sent by certain phone numbers usually associated with online payment service providers and banks to intercept authentication or verification codes that they then forward to cybercriminals. Like premium service abusers, they also delete the text messages they intercept to hide traces of infection. If cybercriminals get hold of victims’ usernames in certain sites, they can easily change passwords and take control of stolen accounts”
The report mentioned spam services via Apple iMessage spammers that could be acquired in lot of 1,000 spam services for as little as 100 yuan ($16,400).
Another concerning phenomenon is the growing offer of boosting apps, App-rank boosting services are very easy to buy, to boost an iPhone app into the top five of Apple’s China app store are enough 60,000 yuan (£5,800).
To advantage the diffusion of Android malware in the Chinese Market is users’ habit to download app from Android third-party stores, cybercriminals exploit this habit paying for the number of downloads they want, with prices starting at 40 yuan (US$7) for 10,000 downloads.
My readers know my studies on the Deep Web, it provides an excellent environment to cover illegal activities, the report also confirms that cyber criminals are even more exploiting the hidden side of the Web.
“Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online “shops” harder for law enforcement to find and take down”
Let me suggest to read the report … it is full of precious data.
(Security Affairs – mobile, cybercrime )
