A peek into China’s burgeoning mobile cybercriminal underground
Every country’s cybercriminal underground market has distinct characteristics, and with 500 million national mobile Internet users and the number continuously rising, the Chinese underground market is awash with cyber crooks buying and selling services and devices aimed at taking advantage of them.
Trend Micro’s senior threat researchers Lion Gu has been scouring forums, online shops and QQ chats to give us a sense of what is actually going on on this burgeoning mobile underground.
Mobile apps that stealthily subscribe users to premium services are, naturally, very popular with cyber crooks in China as in the rest of the world. Premium service numbers can also be bought on underground markets. Network carriers usually assign premium service numbers to qualified service providers, but obviously some of them are not adverse of selling them on to criminals.
Another type of malicious SMS-sending apps are the so-called SMS forwarders – apps that intercept text messages carrying sensitive data and forward it to the crooks. These messages include those with reset passwords, verification codes, etc.
“Like premium service abusers, they also delete the text messages they intercept to hide traces of infection. If cybercriminals get hold of victims’ usernames in certain sites, they can easily change passwords and take control of stolen accounts,” Gu points out.
Next are SMS and iMessage spamming software and devices. This type of spam usually delivers unwanted and pricy offers of goods and services, as well leads users to sites hosting malware or phishing forms.
To send out spam messages in huge numbers, the crooks can buy and use a number of different devices.
GSM modems can both send and receive text messages, and they function as a normal mobile phone. Just insert a SIM card (or more) and you can get cracking. Just go give you an idea: a 16-slot (with a SIM card in each) GSM modem can send 9,600 text messages per hour.
Internet short message gateways can do it even faster. These devices are usually provided to service providers by mobile network carriers, but can obviously be misused by cyber scammers as well.
An SMS server – also known as “fake base station” – is radio frequency hardware that can send out software-defined radio signals in GSM frequency ranges.
“When running, an SMS server announces itself as a base station by sending a high-power signal, which forces all nearby mobile phones to disconnect from the legitimate base stations of their network carriers and instead connect to the SMS server. The SMS server can then push out spam to the mobile phones,” Gu explains. “When finished, the SMS server disconnects from the mobile phones, which are then reconnected to their legitimate base stations.”
iMessage spam computer software finds phone numbers tied to Apple devices and sends messages to it.
Phone-number-scanning services are also popular with SMS spammers that don’t want to waste their time and effort by sending out spam to numbers that are temporarily or no longer in use.
Finally, there are services that offer to boost the rank of malicious apps on third-party app stores, which are dominant in China.
All of these devices and service come at a price, and you can check out the typical price lists in Gu’s whitepaper.