Crooks in China focus on efficiency when creating services

Nov 14, 2014 19:53 GMT

Driven by the low cost of connectivity and hardware, cybercriminals in China have started to take aim at mobile users, trading services and tools aimed at this audience on underground forums.

Senior threat researcher Lion Gu from Trend Micro has examined current activity in the Chinese underground and noticed that cybercriminals have started to adapt to the mobile trend, even coming up with services specifically crafted for the local market.

In his research, he has found that services for boosting the rank of an Android app are available. Since there is no official store from Google for China, users of the Android platform get their software from third parties, whose content does not benefit from rigorous security checks.

Cybercriminals rely on boosting the rank of their malicious apps to gain more visibility in the store and attract more victims. This is done by creating dummy accounts and flooding the app repositories with positive reviews for specific software. They also use the accounts to increase the number of downloads.

The popularity of such services is unclear, but considering the latest incidents with the trojanized software in the third-party Maiyadi repository for iOS apps, the business should be a lucrative one for Android.

Another business opportunity offered by crooks is for premium numbers. These are assigned to qualified service providers, and cybercriminals purchase them for their nefarious purposes. The malicious actors create mobile applications that enroll in a premium service without the knowledge or consent of the victim.

Lion Gu has also observed spamming services created with efficiency in mind. “When people think of spamming services, they assume that cybercriminals simply send messages to all possible numbers. That is not entirely true. Spammers actually filter out unused phone numbers to save time and money,” the researcher says in a blog post.

A scanning tool is employed to determine the current state of a phone number, including whether the user is online and whether the number is actively used.

According to the expert, the phone numbers that pass the scanning are called “real,” and these are the ones targeted by the crooks.

Judging by the findings of the researcher, the cybercriminal landscape in China is not only diverse but also well organized.

Based on this, an increased number of threats is expected to emerge, Lion Gu believes. He will present his insights into the Chinese threat market on Friday, at the Association of Anti-Virus Asia Researchers (AVAR) conference in Sydney.

[Images: Crooks offer all sorts of services for cybercriminal activities; Spammers focus only on "real" phone numbers; Android app stores are flooded with fake reviews]