Cybercriminals Use Mobile Malware to Siphon Off Money from Account Holders

Trend Micro mobile researchers investigated a hacker gang based in Yanbian, Jilin, China (located near the North Korean border). Apparently, the gang uses mobile malware to siphon money from bank accounts in South Korea.

Operating since 2013, the gang is able to transfer up to USD 1,600 worth of local currency from victims’ accounts every single day.

One of the lures used was a fake “The Interview” app. The gang also uses fake banking apps, fake versions of popular apps, and apps that hijack mobile banking sessions. These apps are usually pushed to users through SMS. The message asks users to click malicious links that lead to APK downloads.

Much like the rest of the cybercriminals in China, members of the Yanbian Gang may have learned from so-called masters or baishis, who passed on their blackhat skills and know-how to their apprentices or shoutus.

The Yanbian Gang has four major players or groups:
1. Organizers – These serve as the founding fathers of the group. They are responsible for scouting and recruiting new members.
2. Translators – They localize threats based on the countries they wish to target.
3. Cowboys – They reside in the same countries as their attacks’ intended victims. They are responsible for collecting the proceeds from successful attacks and giving them to the organizer.
4. Malware creators – These are the malicious app developers.


About Trend Micro
Trend Micro Incorporated (TYO: 4704), a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, Trend Micro™ Smart Protection Network™ provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks.

All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™, and are supported by over 1,200 threat experts around the globe.

For more information, visit Or follow our news on Twitter at @trendmicro_mea.