Sextortion Schemes Using Mobile Malware in Asia: Trend Micro

Thursday, April 16, 2015

In a new report, researchers at Trend Micro detailed how sextortion gangs are operating. In one case, police in Japan arrested two men suspected of being part of a gang that stole at least ¥3.5 million (US$29,204.88) from 22 victims between December 2013 and January 2014.

In a case in South Korea, cybercriminals posed as women, conversed with male victims on various chat applications such as Kakao Talk, and set them up for blackmail. They also convinced victims to download and install an Android data stealer and threatened to expose them. Each victim was asked to pay KRW 1 million (US$908.02) in exchange for the scammers not publicizing what they did.

The Android data stealer is used to retrieve and send victims’ contact lists to the cybercriminals with the goal of making the blackmail threats more effective, Trend Micro noted in the report.

"Our researchers have found that certain gangs in East Asia have improved on the sextortion modus operandi, creating a far more damaging effect on the victims," blogged Ryan Flores, senior researcher at Trend Micro. "The new modus operandi involves Android malware that can steal the victims’ contact list and send them to the attackers. Attackers are then able to contact the victims’ families and friends directly—making for a more intimidating threat."

According to Flores, Trend Micro's investigation revealed four Android data stealer families being used in the schemes. Each variant contained "aggressive techniques" such as intercepting and logging the victims' incoming text messages. They can also monitor changes in the infected device's SMS inbox and block the victim from receiving new text messages unless they comply with the extortion demand. The malware can also prevent the victims from receiving calls. 

"Our investigation revealed the use of four Android data stealer families for sextortion," blogged Flores. "The malware were classified according to package name. Differences in code and functionality were seen from variant to variant, which suggests ongoing malware development."

The investigation also led to developers in China who are in charge of creating malicious apps and sites that use Chinese and Korean. While the report focuses on East Asia, sextortion cases have also been spotted elsewhere in the world, in countries such as Canada and the U.S.

"The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business," Flores noted. "These once again prove that cybercriminals are not just becoming more technologically advanced—creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection—they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture."