The Latest in IT Security

Mobile Phone Monitoring Service Found


Trend Micro uncovered how cybercriminals may profit from NICKISPY variants. A Chinese website offers mobile phone monitoring tools and services to customers, who are given access to the site’s backend to retrieve information. However, such services are not cheap and can cost from $300 to $540.

We’ve been reporting about several NICKISPY variants – Android malware that can monitor a phone’s activities, like SMS, phone calls, and location – here on the Malware Blog, and we’ve been curious of how use such kind of private information, and how they earn money from it.

Now, we have a clear example. We’ve found a Chinese website which offers a mobile phone monitoring service. Once a customer decides to employ the service, he or she will get an account to log into a backend server of the service, where information gathered from a target device can be viewed.

The backend service can be accessed through a portal, where the user must first send an MMS message that includes malware as an attachment to a victim’s mobile phone number. The malware, once installed on the victim’s mobile phone, will be used to monitor for information related to SMS messages, phone calls, device location, and email messages. Reports are then sent back to the backend service, which can then be accessed by the customer through the portal.

Here is the configuration page in the portal of the backend server:

Click for larger view
The Remote Receiver Phone Number filed is the phone number that will receive the reports sent by the service which contains new activity information from the monitored phone. Note that the customer may choose which number will be displayed as the sender of the MMS message. Using a number that the victim is familiar with may convince the victim that he or she is receiving a normal MMS message, and be completely unaware that a malware was already installed in their device.

Click for larger view Click for larger view
Click for larger view Click for larger view


As mentioned earlier, we’ve been curious as to how cybercriminals profit from distributing malicious spying tools, especially since the ones we’ve seen and reported before are mostly being offered for free. The discovery of this service certainly clears up some of these questions.

The service offers more than the typical spying tools we’ve reported before, as it takes care even the installation of the malware into the target device. But such advantages come at a price, and it’s not cheap. The service costs about 2000 – 3600 Chinese yuan, which when converted is about US$300 – $540.

The advertisement on the portal says that they offer the service to those who want to spy on someone using a phone running on Symbian, or Windows Mobile. We won’t be surprised, however, if they soon offer to those who want to target Android users, especially since spying applications such as NICKISPY are already being actively distributed on the Web.

The spying business seems to be booming for the mobile threat landscape, thus, users are strongly advised to secure their devices, and make sure that there are no spying applications installed.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments