The Mobile Cybercriminal Underground Market in China
There is a thriving market where cybercriminals go to buy and sell products and services needed for their next attack plots. This underground economy has equipped attackers with tools that can be purchased from peers in competitive prices. And much like any other market, the laws of supply and demand highly dictate prices and feature offerings.
As part of the Cybercriminal Underground Economy Series, this Trend Micro paper pores over the emergence of the so-called “mobile underground” in China as a result of the shift to the mobile Web among users for both work and entertainment. The research paper zooms in on basic underground activities, as seen through mobile underground products and services—obtained largely from various sources and QQ chats.
Mobile Underground Offerings:
- Premium Service Numbers: These are sold underground to any interested buyer, usually malicious app developers who buy them from legitimate service providers for nefarious purposes. These commonly includes subscribing victims to premium mobile services that they may not even be interested in.
- SMS Forwarders: These are essentially Trojans designed to steal authentication or verification codes sent via SMS driven by malicious intent. Presently, these are seen running only on Android devices. Much like premium service abusers, SMS forwarders evade detection and leave no traces of infection, thanks to its capability to delete the text messages they intercept.
- SMS Spamming Services and Devices: Unsolicited bulk text messages that usually advertise products or services are sent by cybercriminals either with the help of peers who offer knowledge in spamming mobile device users or actual hardware, Three of the most commonly-used hardware are as follows:
- GSM modem: A device that operates much like a regular mobile phone, that which can send and receive text messages. Using a SIM card to connect to a mobile network, these modems can also be connected via a serial USB and can be controlled by an application running on a computer. A particular 16-slot GSM modem can send 9,600 text messages in an hour.
- Internet short message gateway: Mobile network carriers provide service providers with these devices with bulk-text-sending services. When abused, these devices can make spamming a lot easier for scammers with sending speed that is remarkably higher than that of a GSM modem’s.
- SMS server: This is a low-cost piece of radio-frequency hardware that has the capacity to send out software –defined radio signals in GSM frequency ranges that are useful for sending out SMS spam.
- iMessage Spamming Services and Software: The popularity of iMessage, Apple’s instant-messaging service on both iOS and OS X obviously made it a prime cybercrime target, which is why iMessage spamming is gaining notoriety. And since the iPhone has quadrupled its market share in the China, iMessage spam has proven to be a good threat vector, prompting cybercriminals to purchase software that can successfully carry this out.
- Phone-Number-Scanning Services: Filtering out unused phone numbers from spamming lists is vital for any SMS spammer and phone fraudster. Scanning services help cybercriminals know the current status of phone numbers, including whether their users are online or not, in order to save time and money.
- App-Rank-Boosting Services: Cyber crooks usually boost an app’s ranking through dummy accounts where they can download and write good user reviews for it. This is essential for cybercriminals to make users download their apps to penetrate their system.
Crafting ways and tactics to battle an enemy starts from building an arsenal of knowledge and awareness of how they think and more importantly, predicting their next course of action. This paper introduces several common types of mobile underground offerings in China that are influenced by trends, technological developments, and adaptation to changing user behavior.
For a more detailed, in-depth look, read the full research paper “The Mobile Cybercriminal Underground Market in China”.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report