Cybercriminals are finding new ways to send malicious apps to mobile users
Chinese
cybercriminals are increasingly targeting mobile users via a vast
underground network of tools and services, according to a new report.
Security firm Trend Micro outlines the popular methods used by Chinese gangs to make money from the mobile web.
It details how cheap some mobile malware kits can be - from as little as 100 yuan (£9.70).
Such underground forums are thriving worldwide, particularly in Russia, China and Brazil.
The
Mobile Cybercriminal Underground Market report outlines some of the key businesses operating in this vast and sophisticated network.
A GSM modem can send out thousands of spam text messages every hour
Spam devices
It includes the selling of premium-rate phone numbers, which can be bought from 220,000 yuan (£21,400).
Such numbers are used in conjunction with malicious apps that
reply to text messages and then delete confirmation messages so users
end up paying vast sums to cybercriminals without realising.
Spam is big business in a country where 81% of Chinese internet users went online using their mobile phone in 2013.
At the end of 2013 there were 500 million mobile internet
users in China, according the China Internet Network Information Center
(CNNIC).
To launch spam campaigns, cybercriminals often use a GSM
modem, a device attached via USB to a computer, which can send out text
messages to multiple users.
A 16-slot GSM modem, are available for approximately $425 (£254) each, can send up to 9,600 text messages per hour.
This spam can be used to advertise various products as well as tricking users into visiting malicious websites.
The report also talks about SMS forwarders - which are
Trojans designed to steal authentication or verification codes sent via
text messages.
They monitor text messages sent from online payment service
providers and banks and intercept authentication or verification codes
which are then forwarded to cybercriminals.
Currently they only run on Android phones.
Boosting apps
Apple users are also being targeted via iMessage spammers that
are able to buy 1,000 spam services for as little as 100 yuan (£9.60).
Also operating on the mobile underground are app-rank
boosting services, which can promote a malicious app by creating several
dummy accounts to download and write good user reviews for it.
To boost an iPhone app into the top five of Apple's China app store can cost 60,000 yuan (£5,800).
In Android third-party stores - where most Chinese Android
users shop - cybercriminals pay according to the number of downloads
they want, with prices starting at 40 yuan (£3.90) for 10,000 downloads.
The report concludes: "The barriers to launching
cybercriminal operations are less in number than ever. Toolkits are
becoming more available and cheaper; some are even offered free of
charge.
"Cybercriminals are also making use of the 'deep web' to sell
products and services outside the indexed or searchable world wide web,
making their online shops harder for law enforcement to find and take
down."
Comments