Trend Micro uncovered how cybercriminals may profit from NICKISPY variants. A Chinese website offers mobile phone monitoring tools and services to customers, who are given access to the site’s backend to retrieve information. However, such services are not cheap and can cost from $300 to $540.
We’ve been reporting about several NICKISPY variants – Android malware that can monitor a phone’s activities, like SMS, phone calls, and location – here on the Malware Blog, and we’ve been curious of how use such kind of private information, and how they earn money from it.
Now, we have a clear example. We’ve found a Chinese website which offers a mobile phone monitoring service. Once a customer decides to employ the service, he or she will get an account to log into a backend server of the service, where information gathered from a target device can be viewed.
The backend service can be accessed through a portal, where the user must first send an MMS message that includes malware as an attachment to a victim’s mobile phone number. The malware, once installed on the victim’s mobile phone, will be used to monitor for information related to SMS messages, phone calls, device location, and email messages. Reports are then sent back to the backend service, which can then be accessed by the customer through the portal.
Here is the configuration page in the portal of the backend server:
As mentioned earlier, we’ve been curious as to how cybercriminals profit from distributing malicious spying tools, especially since the ones we’ve seen and reported before are mostly being offered for free. The discovery of this service certainly clears up some of these questions.
The service offers more than the typical spying tools we’ve reported before, as it takes care even the installation of the malware into the target device. But such advantages come at a price, and it’s not cheap. The service costs about 2000 – 3600 Chinese yuan, which when converted is about US$300 – $540.
The advertisement on the portal says that they offer the service to those who want to spy on someone using a phone running on Symbian, or Windows Mobile. We won’t be surprised, however, if they soon offer to those who want to target Android users, especially since spying applications such as NICKISPY are already being actively distributed on the Web.
The spying business seems to be booming for the mobile threat landscape, thus, users are strongly advised to secure their devices, and make sure that there are no spying applications installed.
Leave a reply