Trend Micro report reveals wide variety of tactics being developed and used by cybercriminals in China
Chinese cybercriminals are increasingly targeting mobile users as they develop ever more sophisticated hacking tools, according to new research from security firm Trend Micro.
Its Mobile Cybercriminal Underground Market report revealed that Chinese hackers are using a variety of in-depth malware and malicious code programs to target users both at home and in the West, with mobile malware kits available to buy from as little as 100 yuan (around £10) on the black market.
“The barriers to launching cybercriminal operations are less in number than ever,” the report stated. “Toolkits are becoming more available and cheaper; some are even offered free of charge.”
The increasing demand for mobile Web access in China has created a lucrative market for cybercriminals trying to exploit what are often vulnerable devices which can be hijacked and used for illegal activities.
Spam networks are among the most popular tools for hackers, who use a GSM modem connected to multiple handsets in order to send out text messages to multiple users. These malicious messages include SMS forwarders – Trojans designed to steal authentication or verification codes sent via text messages. These programs monitor text messages sent from online payment service providers or banks to intercept authentication or verification codes which are then forwarded to cybercriminals.
Although attacks on Apple’s iMessage service were beginning to increase, the report found that it was still users of Google’s Android software who were most at risk. This is not a new issue, however, as last December, researchers at FireEye uncovered 64 Android botnet campaigns which were apparently redirecting SMS messages to Chinese email addresses.
Another major trend is the rise of app-rank boosting services, which can artificially promote a malicious app. The programs create many fake profiles to download and write fake reviews for the app, leading it to receive more attention on popular marketplaces such as Google Play or the iOS App Store.
The price varies depending on which store criminals want to target, as to boost an iPhone app into the top five of Apple’s China app store can cost 60,000 yuan (£5,800). However cybercriminals looking to target Android users pay according to the number of downloads they want, as many Chinese consumers use third-party marketplaces to download apps, with prices starting at 40 yuan (£3.90) for 10,000 downloads.
China is one of the world’s fastest growing mobile markets, expanding by 86.3 percent during 2013 according to recent Gartner figures. However it is dominated by native firms such as ZTE, Huawei and Lenovo, with Western companies like Apple (which assembles its devices in China with Foxconn) largely shut out. This may change soon, however, as the Cupertino-based manufacturer recently announced a deal with China Mobile (which has 760 million subscribers) to supply a first shipment of 1.2m iPhones into the country.
The Chinese Academy of Sciences (CAS) recently launched China OS, an independent operating system intended to compete with the likes of Apple’s iOS, Google’s Android and Microsoft’s Windows, in a move backed by the Chinese government as well as Taiwanese mobile device maker HTC. The Linux-based software, called China Operating System or COS, is built with heightened security and usability features as China looks to prevent any further security issues akin to the NSA surveillance scandal.
“Cybercriminals have quickly adapted to technological developments, current trends, and changing user behaviours,” Trend Micro’s report concluded, recommending that further education of mobile users is paramount in order for the public to protect their data and their mobile devices.
What do you know about Internet security? Find out with our quiz!