Inside China’s Market for Mobile Cybercrime

Market research firm eMarketer predicts that more than 4.5 billion people in the world will use a mobile phone in 2014. That means more customers for smartphone companies; it also means more potential victims for attackers.

That reality has made for a boom in the market for malware and cybercrime services related to mobile devices. In a recent whitepaper, Trend Micro Senior Threat Researcher Lion Gu examined the Chinese cyber-underground, and discovered that hackers can find everything they need to launch a variety of scams, from schemes related to premium service numbers to text message spamming.

“Smartphone [use] boosts the market a lot,” Gu explained. “Before smartphones got popular, the market was weak and only offered SMS spamming service. As Android phone and iPhone are attracting many users, new businesses are invented like app rank boosting, iMessage spamming, Android SMS forwarding Trojan and so on.”

There are no forums dedicated to such services, he said. Many mobile underground activities still take place on traditional underground platforms such as QQ chat groups.

“Usually, such services’ transactions are done on customer-to-customer online shopping platforms like Taobao,” he told SecurityWeek. “[A] service provider creates an online shop on Taobao and lists some legal goods in the online shop. If a buyer decides to buy some service from the service provider, he/she will be guided to buy legal good with the same price as the illegal service. [The] buyer pays money to [the] online shopping platform first, and then notifies [the] online shopping platform to transfer money to service provider after buyer gets his/her service. Online shopping platforms are abused by cybercriminals.”

The services themselves run the gamut. For example, subscribing victims to unauthorized premium SMS is a popular scam by malicious apps that requires getting premium service numbers. These numbers are sold in the underground to criminal groups. 

“People who wish to subscribe to premium services send providers a text message to do so,” according to the report. “They then receive a confirmation text message from the provider. To complete their subscription, users need to send a confirmation text message. But, as stated earlier, premium service abusers can also subscribe them to unwanted services. These malicious apps can reply via text message on users’ behalf then delete confirmation text messages, leaving no trace of what happened. As a result, users are charged subscription fees that end up in the hands of malicious app developers.”

Malware authors can also make money through SMS forwarding Trojans designed to steal authentication or verification codes sent via text message. The malware works by monitoring text messages sent by compromised phones on the lookout for messages from banks, online payment service providers and others. Armed with the verification code, they could potentially take control of stolen accounts.

“Most common SMS forwarding Trojans are malicious Android apps,” Gu said. “Cybercriminals usually insert Trojan code into some popular apps, and then distribute the repacked malicious apps in third-party app stores.”

“Due to the nature of the third-party app stores offering mainly free apps,” he added, “their process for vetting new apps for maliciousness may be hampered. As such, mobile users who have to utilize third-party stores could be put at more risk of being compromised.”
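A vetting check of the kind an app store or enterprise reviewer could run against repackaged apps, shown here as an added example that is not from the Trend Micro report or this article: it compares the decoded manifest of a known-good release with a candidate build and reports SMS capabilities that appear only in the candidate. The manifests, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission." + p
             for p in ("RECEIVE_SMS", "READ_SMS", "SEND_SMS", "WRITE_SMS")}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifests (decoded XML); not taken from any real app.
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".Main"/></application>
</manifest>"""
CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application><activity android:name=".Main"/>
    <receiver android:name=".Sync">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter></receiver>
  </application>
</manifest>"""

def sms_surface(manifest_xml):
    """Return (SMS permissions requested, {receiver name: filter priority})."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    receivers = {}
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:  # receiver is handed every incoming SMS
                receivers[rcv.get(NS + "name")] = flt.get(NS + "priority", "0")
    return perms & SMS_PERMS, receivers

def repack_findings(original_xml, candidate_xml):
    """List SMS capabilities present in the candidate but not the original."""
    base_perms, base_rcv = sms_surface(original_xml)
    cand_perms, cand_rcv = sms_surface(candidate_xml)
    added = cand_perms - base_perms
    findings = [f"added permission {p}" for p in sorted(added)]
    for name, prio in sorted(cand_rcv.items()):
        if name not in base_rcv:
            findings.append(f"added SMS_RECEIVED receiver {name} (priority {prio})")
    if {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"} <= added:
        findings.append("new RECEIVE_SMS + SEND_SMS pair: SMS forwarding is possible")
    return findings
```

Legitimate apps also request SMS permissions, so a finding marks a build for manual review; it is not a verdict on its own.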

These Trojans typically go for about $500 USD, according to the report. Getting users to buy those apps can be helped by app rank boosting services.

“Regardless where users download apps, however, all app stores rank and recommend apps to customers,” the report notes. “And no matter what ranking algorithm an app store adopts, download numbers and reviews always play a part in determining an app’s ranking. Consequently, users consider an app’s ranking when deciding whether or not they would download it.”

Cybercriminals can boost an app’s ranking by creating several dummy accounts to download and write good user reviews for it. This is often done manually, and can be costly. Getting an iPhone app ranked in the top five in the Apple app store could cost some $9,800.

“As evidenced by the thriving mobile underground economy, cybercriminals have quickly adapted to technological developments, current trends, and changing user behaviors,” the report notes. “As part of the security industry, we must pay attention to developments in the mobile underground. And we should exert effort to educate mobile users on the risks they face and help them improve their security posture so they can protect not just their mobile devices but also the information stored in them.”
