Money Talks In China’s Booming Malware Black Market
China is basically a Santa's Grotto for cyber crooks
As underground criminals become more interested in making money from mobiles, the value of services to exploit them has become rather high. Chinese crooks are certainly aware of how to make money from people’s smartphones, as evidenced in a new Trend Micro report showing just how much illicit services are being sold for on the dark web sites used by China’s talented hackers.
The most costly service Trend found revolved apps known as “premium service abusers”, where the malicious software forces users to subscribe to things they really didn’t want to be roped into. Often, they will reply to confirmation messages on users’ behalf then delete those texts, meaning the victim is left totally unaware of the payments.
Welcome to China Town
Often rogue app makers will buy the premium numbers. Unsurprisingly, they come at a high cost. For a six-digit subscription number, the crook would have to pay out as much as $36,000 (£21,500) a year.
SMS spam is big in China too. That’s why there are a load of services offering ways to send out bulk messages. An SMS server is the most costly option, at $7,400, but this lets the user send 300 messages per minute and hijack a mobile phone in five seconds.
There are some iMessage spamming offerings, including the chance to send out 1,000 spam messages to people’s iPhones for just $16. For the same number of multimedia messages it costs $82. Or you could buy the full iMessage spamming application, which can be bought in a handily preconfigured “all you need” package at $4,900.
Text message interceptors aren’t too expensive, for anyone wanting to spy on their spouse or some other enemy. At $500, you’ll get forwarded the target’s SMS messages and can choose which ones make it to the infected device. The service promises to remain hidden from the naked eye too.
Then there’s the app ranking boosters. Want to get an app in the top 5 on the Apple App Store? It’ll cost you $9,800. For 180,000 downloads of an Android app? $106.
“Cyber criminals usually boost an app’s ranking by creating several dummy accounts to download and write good user reviews for it,” Trend notes in its report. “This is especially true for Android apps in third-party app stores in China. Doing so is, however, costly.”
If China, home to some of the world’s finest digital criminals, is this interested in mobiles, and is building up a vast underground market for smartphone exploitation, we can expect an onslaught of spam in the coming years. We can also expect a load of rogue apps designed to get people calling premium numbers, mostly doing the rounds on third party stores.
Rudimentary protections will help you here: don’t download anything from non-official stores unless you know it’s trustworthy. And don’t respond to spam. Obviously.