Market research firm eMarketer predicts that more than 4.5 billion people in the world will use a mobile phone in 2014. That means more customers for smartphone companies; it also means more potential victims for attackers.
That reality has made for a boom in the market for malware and cybercrime services related to mobile devices. In a recent whitepaper, Trend Micro Senior Threat Researcher Lion Gu examined the Chinese cyber-underground, and discovered that hackers can find everything they need to launch a variety of scams, from schemes related to premium service numbers to text message spamming.
“Smartphone [use] boosts the market a lot,” Gu explained. “Before smartphones got popular, the market was weak and only offered SMS spamming service. As Android phone and iPhone are attracting many users, new businesses are invented like app rank boosting, iMessage spamming, Android SMS forwarding Trojan and so on.”
There are no forums dedicating to such services, he said. Many mobile underground activities still appear in traditional underground platforms like QQ chat group.
“Usually, such services’ transactions are done on customer-to-customer online shopping platforms like Taobao,” he told SecurityWeek. “[A] service provider creates an online shop on Taobao and lists some legal goods in the online shop. If a buyer decides to buy some service from the service provider, he/she will be guided to buy legal good with the same price as the illegal service. [The] buyer pays money to [the] online shopping platform first, and then notifies [the] online shopping platform to transfer money to service provider after buyer gets his/her service. Online shopping platforms are abused by cybercriminals.”
The services themselves run the gamut. For example, subscribing victims to unauthorized premium SMS is a popular scam by malicious apps that requires getting premium service numbers. These numbers are sold in the underground to criminal groups.
“People who wish to subscribe to premium services send providers a text message to do so,” according to the report. “They then receive a confirmation text message from the provider. To complete their subscription, users need to send a confirmation text message. But, as stated earlier, premium service abusers can also subscribe them to unwanted services. These malicious apps can reply via text message on users’ behalf then delete confirmation text messages, leaving no trace of what happened. As a result, users are charged subscription fees that end up in the hands of malicious app developers.”
Malware authors can also make money through SMS forwarding Trojans designed to steal authentication or verification codes sent via text message. The malware works by monitoring text messages sent by compromised phones on the lookout for messages from banks, online payment service providers and others. Armed with the verification code, they could potentially take control of stolen accounts.
“Most common SMS forwarding Trojans are malicious Android apps,” Gu said. “Cybercriminals usually insert Trojan code into some popular apps, and then distribute the repacked malicious apps in third-party app stores.”
“Due to the nature of the third-party app stores offering mainly free apps,” he added, “their process for vetting new apps for maliciousness may be hampered. As such, mobile users who have to utilize third-party stores could be put at more risk of being compromised.”
These Trojans typically go for about $500 USD, according to the report. Getting users to buy those apps can be helped by app rank boosting services.
“Regardless where users download apps, however, all app stores rank and recommend apps to customers,” the report notes. “And no matter what ranking algorithm an app store adopts, download numbers and reviews always play a part in determining an app’s ranking. Consequently, users consider an app’s ranking when deciding whether or not they would download it.”
Cybercriminals can boost an app’s ranking by creating several dummy accounts to download and write good user reviews for it. This is often done manually, and can be costly. Getting an iPhone app ranked in the top five in the Apple app store could cost some $9,800.
“As evidenced by the thriving mobile underground economy, cybercriminals have quickly adapted to technological developments, current trends, and changing user behaviors,” the report notes. “As part of the security industry, we must pay attention to developments in the mobile underground. And we should exert effort to educate mobile users on the risks they face and help them improve their security posture so they can protect not just their mobile devices but also the information stored in them.”
