Chinese cybercriminals buy ranking for malware Apps

News by Steve Gold

Boosting an iPhone app into the top five of Apple's China app store costs around £5,800 says Trend Micro, while 10,000 android downloads cost £3.90.

Operating a business is all about effective planning and making the best use of the available resources to optimise efficiency - and according to a report from Trend Micro, this is exactly what Chinese cybercriminals are doing, and on an industrial scale.

According to the report - entitled `The Mobile Cybercriminal Underground Market in China' - Chinese cybercriminals are using advanced cellular technology to make their revenue extraction processes more efficient.

[Report URL: ]

In his report, Lion Gu of Trend's Forward-Looking Threat Research Team, says that cybercriminals are using cellular number verification units that use pattern dialling to check whether a given number is active. Using units containing 16 SIM cards, the custom devices are capable of verifying several thousand numbers per hour.

A typical 16-slot GSM modem, says the report, sells for around £254 and can also generate up to 9,600 text messages per hour, for spam adverts, as well as tricking users into visiting malicious Web sites. The report also discusses the technology behind SMS forwarders - which are trojans designed to steal authentication or verification codes sent via text messages.

These custom Android apps monitor text messages sent from online payment service providers and banks, and intercept authentication or verification codes which are then forwarded to cybercriminals. Apple users, meanwhile, are also being targeted via iMessage spammers that are able to buy 1,000 spam services for under £10.00.

Perhaps the most intriguing services available on the Chinese dark Web are app-rank boosting services, which can promote a malicious app by creating several dummy accounts to download and write positive user reviews for it. Trend's report claims that, to boost an iPhone app into the top five of Apple's China app store costs around £5,800.

Android app store manipulation is a lot cheaper as cybercriminals will generate 10,000 downloads of a given app for as little as £3.90 using automated processes.

Like any other market, says Trend, the laws of supply and demand dictate prices and feature offerings. But what is more interesting to note, adds the report, is that recently prices have been going down.

China is not the only country where cybercriminal automation is taking off. Other countries include Brazil and Russia - which Trend says it has investigated in similar depth.

Commenting on the report, Michael Sutton, VP of Security Research with security vendor Zscaler, said that market for mobile malware is particularly strong in China as Android users commonly use third party app stores, rather than the official Google Play store.

"The more open nature of Android may be desirable for consumers, but it's also desirable for criminals. Criminals take advantage of the fact that Android permits apps to be installed from third party app stores, many of which do little to filter out content that may be malicious," he explained.

The mobile malware underground, says Sutton, is slowly maturing.

“As with the traditional malware scene, specialists are emerging who then sell or rent their services as opposed to trying to conduct the full attack independently,” he said.

Jaime Blasco, Director of open source security software specialist AlienVault's research operation, said that most of the profitable mobile malware out there is based on SMS premium services.

"Once banks started to add a second-factor authentication via SMS for transactions, we saw how cybercriminals started to create pieces of malware for Blackberry, Android and Windows phone to forward the text messages sent by the bank. One of the most famous ones is called Zitmo (Zeus in the mobile)," he added.

Professor John Walker, a Visiting Professor with Nottingham-Trent University's School of Science and Technology, said that advanced cybercriminal techniques - such as ones detailed in Trend's report - are often dismissed when experts first start talking about them.

"I well remember Winn Schwartau [author: Information Warfare: Chaos on the Electronic Superhighway 1994] standing up at a conference in the early 1990s and discussing cybercrime and cyber attacks. Everyone thought he was a little off-beam. History has subsequently proven him to be right. The problem is that, when IT thought leaders make new claims they tend to be shot down - when in fact organisations should be heeding the conclusions and taking steps to remediate the attack vectors being used," he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews