Target Rich Environment: Mobile Malware in China

An anonymous reader writes with this excerpt from Help-Net Security (based on the linked Trend Micro report): "Every country's cybercriminal underground market has distinct characteristics, and with 500 million national mobile Internet users and the number continuously rising, the Chinese underground market is awash with cyber crooks buying and selling services and devices aimed at taking advantage of them. Trend Micro's senior threat researchers Lion Gu has been scouring forums, online shops and QQ chats to give us a sense of what is actually going on on this burgeoning mobile underground. Mobile apps that stealthily subscribe users to premium services are, naturally, very popular with cyber crooks in China as in the rest of the world. Premium service numbers can also be bought on underground markets. Network carriers usually assign premium service numbers to qualified service providers, but obviously some of them are not [averse to] selling them on to criminals."

Can't SIM cards be traced?

[invictusvoyd]

Just insert a SIM card (or more) and you can get cracking

Can't These SIM's be traced back to the spammers?
What stops the authorities from nabbing them , now that we have mega surveillance machineries.

Re:

[tepples]

Why don't we plug the holes and develop software that isn't so unbelievably easy to hack?

Because end users will click through any permission wall if the program promises dancing pigs [wikipedia.org].

Please stop using cyber*

[Timothy Hartman]

It is is as silly to use the term cyber criminal as it is to grant patents on everyday things when used on the internet. Scams and confidence schemes are ages old and regardless of what the current technology is, criminals will take advantage of them. It can be telegram, telegraph, mail, telephone, email, mobile, or whatever. The vehicle doesn't change the act.

Re:

[ShanghaiBill]

The vehicle doesn't change the act.

Yes it does. If you try to swindle people on the street, you are going to have far fewer marks, and you are far more likely to get caught. "Cyber" criminals can swindle people anonymously and from across national borders. Unless they do something stupid, like brag about it in a bar, or take a vacation where they are wanted, the have almost complete impunity. Mt Gox was robbed of $473M, and the perps apparently got away with it. How many armed bank robbers have ever got even $1M? How many of them got a

Welcome to the New World!

[blackbeak]

What consumers around the world need to fully understand (and don't really seem to yet) is that ALL modern data-driven devices represent a new era of consumer product in that each device operates like a two-way mirror. No longer is the product simply yours to use or not. The retail side consumer, no matter what he/she believes they are doing with "their device", are merely entering data points into a vast cyber-machine -- data which numerous others will be collecting, collating, extrapolating, buying, selling, and much, much more. Every "terminal" is equally operable from the other side of the device, most often invisibly to the consumer. This new generation of products actually provides more value to the "other" owner/users (businesses, hackers and government agencies) operating behind the "mirror". Most of these devices could be handed out for free, and yet still provide gigantic profits - sort of like the paper magazine business model. When you have a connected refrigerator other entities will have it too - they just won't be using it to store food. Yet arguably that fridge will be worth more to them than to you!