• Trend Micro
  • About TrendLabs Security Intelligence Blog

Prototype Nation: Emerging Innovations in Cybercriminal China

  • Posted on: November 23, 2015 at 4:57 am
  • Posted in: Malware
  • Author: Lion Gu (Senior Threat Researcher)

Cybercrime doesn’t wait for anything or anyone. Two years after publishing our last report on the wares and services traded in the bustling Chinese underground, we found that the market’s operations have further expanded. From traditional malware, Chinese cybercriminals are now looking toward newer innovations and technologies to boost their operations.

The Chinese underground now

Our past explorations of the Chinese underground showed how quickly cybercriminals had adapted to technological advancements and trends. 2015 was no different, as evidenced by offerings like data dumps (either leaked or stolen) traded underground as well as new hardware like point-of-sale (PoS) and automated teller machine (ATM) skimmers for sale. The existence of these offerings shows just how well the underground has kept up with events in the real world.

Cybercriminals in China have made it easier for anyone to search for data dumps in the underground. CnSeu is an example of a forum used for trading leaked data. Anyone can buy and sell leaked data with forum coins or credit points that can be purchased on Alipay with corresponding amounts in RMB (RMB 1 = 10 forum coins = ~US$0.16).

While forums have been keeping cybercriminals connected with one another, the bad guys have managed to come up with even more ways to offer stolen data. They’ve built SheYun, a search engine specifically created to make leaked data available to users. SheYun has a government database that lets its users query information. Ironically, it also has a privacy-protection feature for those who wish to prevent their own data from appearing as search results.


Figure 1. SheYun’s search database contains leaked data ranging from bank account credentials to poker account information

Carding devices like PoS and ATM skimmers are also offered at fairly reasonable prices. PoS skimmers sold underground have an SMS-notification feature. This grants cybercriminals greater flexibility and convenience, allowing them to instantly get their hands on stolen data via SMS every time the tampered devices are used. It frees them from physically collecting stolen information. These skimmers can sell for US$788 while ATM skimmers cost US$1,261.

Also sold are mass-produced pocket skimmers or small magnetic card readers that can store track data from up to 2,048 payment cards. These do not need to be connected to a computer or even require an external power supply to function. Any unscrupulous store staff member can, for instance, swipe an unwitting customer’s card on a pocket skimmer in order to steal credit card data and later use it for fraud. Pocket skimmers sell for US$142.


Figure 2. Typical modus operandi that PoS skimmer sellers use

A reflection of the times

Two years is plenty of time in the Chinese cybercriminal underground. Since our last report on the wares and services traded in this bustling marketplace, its operations have further expanded. This new hardware and these new channels have gone beyond being mere proofs of concept, turning into working models that drive the cybercrime trends in China today.

An in-depth look at our investigations into this cybercrime community can be found in our paper, Prototype Nation: The Chinese Cybercriminal Underground in 2015. This investigation is part of our Cybercriminal Underground Economy Series (CUES), which looks at various online communities of cybercriminals.
