Cybercriminals in Asia are taking advantage of smartphones and mobile malware to rake in significant profits through sextortion schemes, a report from Trend Micro has found.
In sextortion cases, a victim is lured into performing explicit acts that are secretly recorded, and is then blackmailed with the video. In a new report, researchers at Trend Micro detailed how these sextortion gangs are operating. In one case, police in Japan arrested two men suspected of being part of a gang that stole at least ¥3.5 million (US$29,204.88) from 22 victims between December 2013 and January 2014.
In a case in South Korea, cybercriminals posed as women and conversed with male victims on various chat applications such as Kakao Talk, setting them up for blackmail. They also convinced victims to download and install an Android data stealer and threatened to expose them. Each victim was asked to pay KRW 1 million (US$908.02) in exchange for the scammers not publicizing what they did.
The Android data stealer is used to retrieve and send victims’ contact lists to the cybercriminals with the goal of making the blackmail threats more effective, Trend Micro noted in the report.
“Our researchers have found that certain gangs in East Asia have improved on the sextortion modus operandi, creating a far more damaging effect on the victims,” blogged Ryan Flores, senior researcher at Trend Micro. “The new modus operandi involves Android malware that can steal the victims’ contact list and send them to the attackers. Attackers are then able to contact the victims’ families and friends directly—making for a more intimidating threat.”
According to Flores, Trend Micro’s investigation revealed four Android data stealer families being used in the schemes. Each variant contained “aggressive techniques” such as intercepting and logging the victims’ incoming text messages. They can also monitor changes in the infected device’s SMS inbox and block the victim from receiving new text messages unless they comply with the extortion demand. The malware can also prevent the victims from receiving calls.
“Our investigation revealed the use of four Android data stealer families for sextortion,” blogged Flores. “The malware were classified according to package name. Differences in code and functionality were seen from variant to variant, which suggests ongoing malware development.”
The investigation also led to developers in China that are in charge of creating malicious apps and sites using Chinese and Korean. While the report focuses on East Asia, sextortion cases have been spotted around the world in countries such as Canada and the U.S. as well.
“The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business,” Flores noted. “These once again prove that cybercriminals are not just becoming more technologically advanced—creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection—they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture.”
