Trend Micro uncovered how cybercriminals may profit from NICKISPY variants. A Chinese website offers mobile phone monitoring tools and services to customers who are given access to the site’s backend to retrieve information. However, such services are not cheap and can cost from US$300–540.
We’ve been reporting about several NICKISPY variants—Android malware that can monitor a mobile phone user’s activities and whereabouts like SMS, phone calls, and location—here on the Malware Blog and we’ve been curious as to how cybercriminals use private information and earn money from stealing it.
Now, we have a clear example. We found a Chinese website that offers a mobile phone monitoring service. Once a customer decides to employ the service, he/she gets an account to log in to a backend server of the service, from which information gathered from a target device can be viewed.
The backend service can be accessed through a portal where the user must first send an MMS that includes malware as an attachment to a victim’s mobile phone number. The malware, once installed on the victim’s mobile phone, will be used to monitor information related to SMS, phone calls, device location, and email messages. Reports are then sent back to the backend service, which can then be accessed by the customer through the portal.
Here is the configuration page of the backend server’s portal:
The Remote Receiver Phone Number filed is the phone number that will receive the reports sent by the service, which contains new activity information from the monitored phone. Note that the customer may choose which number will be displayed as the sender of the MMS. Using a number that the victim is familiar with may convince him/her that he/she is receiving a normal MMS and be completely unaware that a malware was already installed in his/her device.
As mentioned earlier, we’ve been curious as to how cybercriminals profit from distributing malicious spying tools, especially since the ones we’ve seen and reported before are mostly being offered for free. The discovery of this service certainly clears up some of these questions.
The service offers more than the typical spying tools we’ve reported before, as it takes care of even the installation of the malware into the target device. But such advantages come at a price and it’s not cheap. The service costs about 2,000–3,600 Chinese yuan, which when converted to U.S. dollars amounts to about US$300–540.
The advertisement on the portal says that they offer the service to those who want to spy on someone using a phone running on Symbian or Windows Mobile. We won’t be surprised, however, if they soon offer this to those who want to target Android users, especially since spying applications such as NICKISPY are already being actively distributed on the Web.
The spying business seems to be booming in the mobile threat landscape, as such, users are strongly advised to secure their devices and to make sure that there are no spying applications installed in them.