Chinese cyber criminals are increasingly targeting smartphone users through underground products and services, a report by security firm Trend Micro reveals.
“Cybercriminals have quickly adapted to technological developments, current trends, and changing user behaviours,” the report said.
The report outlines common methods used by Chinese gangs to make money from the mobile web and details how mobile malware kits trade for as little as £10 in underground forums.
The aim of the report is to help mobile users understand the existing underground business model and the risks they face, so that they can protect their mobile devices and the data stored on them.
Mobile underground offerings include:
- Premium service numbers
- SMS forwarders
- SMS spamming services
- iMessage spamming services
- Phone number scanning services
- App rank-boosting services
According to the report, premium-rate phone numbers can be bought from £21,400 a year. These numbers are used in conjunction with malicious apps that reply to text messages and then delete confirmation messages so users unwittingly pay vast sums to cybercriminals.
SMS forwarders are Trojans designed to steal authentication or verification codes sent via text messages. They monitor text messages sent from online payment service providers and banks and intercept authentication or verification codes which are then forwarded to cybercriminals. Currently they run only on Android phones.
Spam is big business in China, where 81% of internet users went online using their mobile phone in 2013, which equates to around 405 million people, reports the BBC.
To launch spam campaigns, cybercriminals often use a GSM modem, a device attached via USB to a computer, which can send out text messages to multiple users. A 16-slot GSM modem is available for approximately £254, and can send up to 9,600 text messages an hour.
Apple users are being targeted by iMessage spammers, who are able to buy 1,000 spam services for as little as £9.60.
Phone number scanning services enable cyber criminals to filter out unused phone numbers from spamming lists to save time and money. Scanning helps spammers know the current status of phone numbers, including whether their users are online or not, or if they are still actively used. Phone numbers that pass scanning are called “real numbers” and are targeted by spammers and telephone fraudsters.
App-rank boosting services are aimed at promoting malicious apps by creating several dummy accounts to download and write good user reviews. To boost an iPhone app into the top five of Apple's China app store can cost £5,800.
In Android third-party download stores - where most Chinese Android users shop - cyber criminals pay according to the number of downloads they want, with prices starting at 40 yuan (£3.90) for 10,000 downloads.
“The barriers to launching cyber-criminal operations lessened in number than ever. Toolkits are becoming more available and cheaper; some are even offered free of charge. Prices are lower and features are richer,” the report said.
According to the report, underground forums are thriving worldwide, particularly in Russia, China, and Brazil. “These have become popular means to sell products and services to cyber criminals in the said countries. Cyber criminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online 'shops' harder for law enforcement to find and take down,” the report said.
The report concludes that these developments mean that the computing public is at risk of being victimised more than ever and must completely reconsider how big a part security should play in their everyday computing behaviours.