
Author: aaa
Published: 2017/3/18 8:36:16
The mobile phone Trojan industry chain's "dark secrets": three clearly divided roles of stealing, robbing and cheating


Source: IT资讯 (IT News). Tags: mobile phone, Trojan

The Trojan industry chain involves many links; some of it operates as cross-border crime, which increases the difficulty of combating it and has made it a global problem. Trojan programs are high-tech crime, and governing them requires not only a severe crackdown by the relevant departments but also handset vendors, security software companies and telecom operators joining forces. Relying on any one party alone, it is difficult to cut off the Trojan industry chain completely.

Mobile phone Trojans are no unfamiliar concept to phone users. However, most people do not necessarily fully understand the complex industry chain behind them.

Recently, an Internet security platform released the "2016 Android Malware Special Report", analyzing mobile phone Trojans and the industry chain behind them. A Legal Daily reporter found that the mobile phone Trojan industry chain has become a prominent hidden danger for Internet security.

Three categories of mobile phone Trojans

Phishing, ransomware and pornography software

The "2016 Android Malware Special Report" was published by 360 Mobile Guard (360手机卫士). In the report, researchers found that among all kinds of malware, several "classic" types remain the main categories harming users: phishing software, ransomware and pornographic players have become the mainstream, while stubborn Trojans that are extremely hard to detect and remove are becoming a chronic threat to phone system security.

The report holds that phishing software usually uses carefully designed fake pages and enticing text and images to pass itself off as genuine. The purpose of phishing software is to "steal": not only can it send back important private information that users enter on the fake page, including bank card details and account passwords, it also steals SMS messages, contacts and other information from the user's phone, collecting the user's important personal information by illegal means and endangering the user's privacy and property.

Unlike the "stealing" of phishing software, ransomware aims to "rob". Researchers found that the population targeted by domestic ransomware consists of people who frequent Tieba forums and members of gaming QQ groups hoping to obtain various so-called "weapons" and "cheats"; the vast majority of these are post-90s or post-00s users.

In addition, pornographic player software aims to "cheat", profiting mainly through induced top-ups, malicious charging and advertising promotion; this kind of software is good at exploiting people's desires, and those who cannot resist temptation are the most likely to be hit. At the same time, pornographic player software also acts as a propagation medium for other Trojan families, such as the "Gypsy Moth" (舞毒蛾) and "Bainaochong" (百脑虫) families, which mostly spread via pornographic players and have infected more than a million mobile devices.

"For users, security awareness on the mobile side is severely lacking. People usually install antivirus software on their computers, but not necessarily on their phones," said Zhao Zhanling, special researcher at the Intellectual Property Research Center of China University of Political Science and Law.

The report also holds that as Internet technology has developed and spread and the prevention of malware has become markedly effective, malware developers have begun to develop new techniques. Using social engineering to exploit users' psychological weaknesses, forcibly obtaining sensitive information through interface hijacking, maliciously abusing legitimate programs, using simple development tools to reduce costs, fragmenting code to evade detection, and even more advanced techniques are becoming the "weapons of evil" of malicious program developers.

In addition, in the means of spreading malicious programs, criminals also use many channels to cast a wide net; the "fake base station" (伪基站) devices densely deployed around users are one of them. The report's researchers found that criminals usually use the "fake base station + phishing website + mobile Trojan" method to conduct phishing fraud and spread Android malware. Together with propagation techniques such as link redirection, which users barely perceive, and cross-platform infection, mobile malicious programs are becoming more and more aggressive.

Not long ago, the Criminal Investigation Bureau of China's Ministry of Public Security issued a reminder: "If you encounter someone carrying a bag like this, call the police immediately!" According to media reports, these people "carry a backpack, take public transport or walk, wander through busy areas and pose as tourist 'backpackers'. But open the bag and inside is an 'upgraded' miniature 'fake base station'," and "the backpack's most distinctive feature is its holes for heat dissipation."

Mobile phone "black industry" extremely active

Crackdown and governance have become a global problem

According to media reports, last year the public security organs of Jinhua City, Zhejiang Province cracked a case specializing in using Trojan viruses to fraudulently charge bank cards, solving a series of more than 300 cases involving more than 10 million yuan. For their common illegal profit, the fraud gang formed a complete "supply, marketing, production and sales" industry chain. In Zhejiang Province alone, more than 100,000 people received such text messages, and tens of thousands had Trojans on their phones.

The above report holds that in the "black industry" based on traditional forms of crime, cross-platform telecom fraud, private lottery gambling and mobile phone extortion are extremely active; in the "black industry" based on enterprise-level business cooperation, the traffic "black industry" related to promoting pornographic players is showing explosive growth.

Data in the report show that in 2016 the revenue of the extortion "black industry" exceeded 10 million yuan. Taking the scale of the traffic "black industry" as an example, the intercepted volume of pornographic players alone reached 8 million. Assuming the minimum infection volume (that is, each sample infects on average one phone), across 8 million infections the cash flow from installation alone is between 16 million and 64 million yuan (the installation fee for each application is between 2 and 8 yuan). Since the actual average infection volume of a sample is far greater than the minimum, the cash flow generated by installation is far above 16 million yuan.

The difference between the "black industry" based on traditional forms of crime and the "black industry" based on enterprise-level business cooperation is as follows:

In the "black industry" based on traditional forms of crime, industries such as cross-platform telecom fraud, private lottery gambling and mobile phone extortion are typically organized spontaneously around individual interests. In cross-platform telecom fraud, the fraudsters, aiming to swindle money, organize spontaneously through social connections and divide into multiple "specialist" teams, each further subdivided into "first line", "second line" and "third line". In private lottery gambling, the cheats, aiming to swindle lottery players' money through rigged gambling, organize spontaneously through social tools and divide into "big bankers", "small bankers" and "order copiers". In ransomware, the extortionists, aiming to extort money from users, organize spontaneously through forums or social software, with "distributors" playing the main role in spreading ransomware to extort users.

In the "black industry" based on enterprise-level business cooperation, the traffic "black industry" related to promoting pornographic players is a typical form of business cooperation centered on company business: developers, advertisers and website owners cooperate on the basis of advertising promotion business, each completing the "mission" in the business contract according to their company's existing business capabilities.

The report also holds that because the "black industry" based on enterprise-level business cooperation has stronger technical strength and more resources it can integrate, the overall development trend of the mobile platform "black industry" is a transition from the "black industry" based on traditional forms of crime to the "black industry" based on enterprise-level business cooperation; its scale will keep expanding and it will take the dominant position in the mobile "black industry".

"The black industry chain has some soil to grow in, and there is some demand for it. From a technical point of view there is no particularly good solution yet, because vulnerabilities always exist; the main approach is to step up crackdowns and punishment," said Lin Dongdai, director of the State Key Laboratory of Information Security at the Institute of Information Engineering, Chinese Academy of Sciences.

"The Trojan industry chain involves many links; some of it uses cross-border crime, which increases the difficulty of combating it and has made it a global problem. This is a high-tech means and form of crime, and besides the crackdown and governance by the relevant departments, handset vendors, security software companies and telecom operators need to join forces. Relying on any one party alone, it is difficult to cut off the Trojan industry chain completely. For example, Apple's phone system is relatively closed, with stricter review of phone applications and a higher threshold, so there are fewer illegal applications on iPhones; but that does not mean it can block all illegal and criminal activity. Some phishing websites, for instance, are hard for Apple's phone system to guard against too," Zhao Zhanling said.

Civil accountability remains difficult

Security awareness needs strengthening

The above analysis report forecasts future threat trends: banking and financial targets will remain a hotspot for Trojan attacks, the mobile platform will remain the area hardest hit by ransomware, malware and system updates will keep fighting each other, threats against corporate mobile offices will increase, and threats against the Internet of Things will also expand. At the same time, persistent targeted attacks against high-value targets will develop across all platforms.

"In fact, the law already has relevant provisions on the legal liability of mobile phone Trojan developers and distributors. The key question now is how to pursue the legal liability of developers and distributors. Pursuing liability from a civil standpoint is rather difficult. For example, a user visits a website and is thereby implanted with a Trojan, then perhaps enters bank account information, which is stolen and causes a loss. In this case the bank is not liable; the party that directly used the Trojan to steal the information must be pursued to make up the user's loss. Of course, there is a premise: the suspect's true identity must be found before civil liability can be pursued and return of the swindled money demanded. However, when this happens, relying on the individual user alone to pursue it is unrealistic. The most basic problem is that the user cannot even find out the suspect's identity. Therefore, combating the Trojan industry chain still has to rely mainly on criminal means," Zhao Zhanling said.

"Actually, everyone has been working on technical preventive measures; this is a rather perennial topic, and it still faces some difficulties. For Trojan programs, it is not easy to find the developers. Work in this area is long-term. At present the main thing is to raise security awareness and do early-warning work well. Before using a system, users should run some security checks to see whether there are vulnerabilities; during operation, they should also test and monitor at any time, and patch vulnerabilities quickly once found. It is a bit like fire prevention: fire-fighting facilities must be built when a building goes up, and preventive work has to be done routinely," Lin Dongdai said.






