Tracking Activity in the Chinese Mobile Underground

We first lifted the veil on activities in the Chinese cybercriminal underground in 2012. Since then, we have continually reported on notable changes or activity found in this black market.

A few months ago, we noted that the Chinese underground has continued to grow as the cost of connectivity and hardware continues to fall and as there are more users with poor security precautions in place. In short, it’s a good time to be a cybercriminal in China.

One of the more notable features of the Chinese underground is its mobile market. With China’s booming mobile market, there’s little surprise that cybercriminals have begun targeting mobile users. Some of these underground businesses and services even target mobile users alone. These tools and services are the focal point of my presentation at this year’s AVAR conference in Sydney, Australia.

Mobile Economy

Among the products sold in the underground are premium service abusers. These are apps that subscribe users to premium services without their consent or knowledge. As a result, users are charged subscription fees that end up in the hands of malicious app developers.

While premium service numbers are often assigned to qualified service providers, these numbers are also sold in the underground. Some malicious app developers buy premium service numbers from legitimate service providers and use these for nefarious purposes.

The underground market also offers services that reflect situations that are unique to China. One prime example would be app rank boosting services. Most mobile users in China rely on third-party app stores for their apps, especially since there is no official app store for Android. In order to boost the rankings of their apps, cybercriminals often create dummy accounts to download and write positive reviews. Users who see these reviews may then be convinced to download the suspicious or malicious apps.

When people think of spamming services, they assume that cybercriminals simply send messages to all possible numbers. That is not entirely true. Spammers actually filter out unused phone numbers to save time and money. They employ phone scanning services to learn the current status of phone numbers, including whether their users are online and whether the numbers are still actively used. Phone numbers that pass scanning are called “real numbers” and are targeted by spammers and telephone fraudsters.

Where Users Go, Cybercriminals Follow

As the mobile market in China continues to grow, so will the cybercrime threat. Cybercriminals go where their users – and potential profits – are. As the number of users in the Chinese mobile landscape grows, so will the number of users at risk from these threats. This also means that we may see an increase in the variety of threats, so new kinds of threats beyond what we see in the current threat landscape are almost certain to appear.

By providing an overview of the existing threat landscape, we hope that both users and mobile service providers are able to protect themselves and their networks against these threats.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Story added 14. November 2014, content source with full text you can find at link above.