Categories: Cyber Crime

Trend Micro report on Chinese Mobile Underground Market

This report provides a brief overview of some basic underground activities in the mobile space in China, describing products and services.

Security firm Trend Micro issued an interesting report on Chinese cybercrime which is increasingly targeting mobile platforms thanks to a vast underground offer of services and tools.

Trend Micro Mobile Cybercriminal Underground Market report analyzes the monetization processes adopted by Chinese cybercriminals from illegal activities against mobile platforms.

The report designs a vast and sophisticated network of cybercriminals that are assaulting mobile devices.

“The barriers to launching cybercriminal operations are less in number than ever. Toolkits are becoming more available and cheaper; some are even offered free of charge.”

Chinese underground forums are extending their proposal exactly like Russian and Brazilian markets, it is not surprising in my opinion to see that a mobile crimeware kit can be sold for nearly 100 yuan ($16,400) and the selling of premium-rate phone numbers, which can be bought from 220,000 yuan (£21,400).

But, as stated earlier, premium service abusers can also subscribe them to unwanted services. These malicious  apps can reply via text message on users’ behalf then delete confirmation text messages, leaving no trace of what happened. As a result, users are charged subscription fees that end up in the hands of malicious app developers” states the report.

Spam is considered one of most profitable illegal activities also for mobile, let’s consider that 81% of Chinese internet users went online using their mobile phone in 2013 and that at the end of 2013 there were 500 million mobile internet users in China [China Internet Network Information Center (CNNIC)].

Mobile spammers use to send unsolicited bulk text messages (“SMS spam”) to victims’ handset to advertise products or services or to spread phishing URLs.

The devices used by cybercriminals to arrange spam campaigns are:

  • GSM modem: A device that can send and receive text messages. A 16-slot GSM modem, are available for approximately 2,600 yuan (US$430) each, can send up to 9,600 text messages per hour.
  • SMS server: A low-cost piece of radio frequency (RF) hardware that can send out software-defined radio (SDR) signals in GSM frequency ranges. The cost for a server is nearly 45,000 yuan (~US$7,400) and could arrive up to
  • Internet short message gateway: A device that mobile network carriers provide to service providers to handle bulk-text-sending services. It costs 300 yuan (~US$50) for 5,000 text messages and could arrive up to 2,800 yuan (~US$460) for 100,000 text messages.

Another illegal practice described in the report refers the use of SMS forwarders, which are Android Trojans designed to steal authentication or verification codes sent via text messages.

“They monitor text messages sent by certain phone numbers usually associated with online payment service providers and banks to intercept authentication or verification codes that they then forward to cybercriminals. Like premium service abusers, they also delete the text messages they intercept to hide traces of infection. If cybercriminals get hold of victims’ usernames in certain sites, they can easily change passwords and take control of stolen accounts”

The report mentioned spam services via Apple iMessage spammers that could be acquired in lot of 1,000 spam services for as little as 100 yuan ($16,400).

Another concerning phenomenon is the growing offer of boosting apps, App-rank boosting services are very easy to buy, to boost an iPhone app into the top five of Apple’s China app store are enough 60,000 yuan (£5,800).

To advantage the diffusion of Android malware in the Chinese Market is users’ habit to download app from Android third-party stores, cybercriminals exploit this habit paying for the number of downloads they want, with prices starting at 40 yuan (US$7) for 10,000 downloads.

My readers know my studies on the Deep Web, it provides an excellent environment to cover illegal activities, the report also confirms that cyber criminals are even more exploiting the hidden side of the Web.

“Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online “shops” harder for law enforcement to find and take down”

Let me suggest to read the report it is full of precious data.

Pierluigi Paganini

(Security Affairs –  mobile, cybercrime )

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

1 hour ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

15 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

22 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.