Security Market Segment LS


JUser: :_load: Unable to load user with ID: 590300
Wednesday, 25 November 2015 09:35

Chinese underground leads the world in cyber criminal innovation Featured

Prototype Nation: The Chinese Cybercriminal Underground in 2015 Prototype Nation: The Chinese Cybercriminal Underground in 2015

Two years ago, the last research report by Trend Micro on the bustling Chinese underground saw compromised hosts, DDoS attack tools services, and remote access Trojans (RATs) being sold.

According to its most recent research, Trend Micro has found that China’s tech-savvy crooks are trading in social engineering tools, point-of-sale (POS), automatic teller machine (ATM) and card skimmers, as well as personal data.

Every industry needs a marketplace. The Chinese cybercriminal market meets through CnSeu (, a forum for trading leaked data. CnSeu provides users a means to communicate with peers about various topics related to cybercrime resources, tutorials, and tools. Users buy and sell leaked data using forum coins or credit points that can be purchased on Alipay with corresponding amounts in RMB (RMB 1 = 10 forum coins = A$0.22).

While these types of forums keep cyber criminals connected with one another, they have come up with even better ways to offer stolen data. SheYun, a search engine specifically created to make leaked data available to users, is one such way.

SheYun’s search database contains leaked data ranging from bank account credentials to poker account information; users simply have to provide usernames (输入用户名), QQ details, and email addresses to use its services.

SheYun also has a government database that its users can get information from, and ironically, a privacy protection feature for those who wish to prevent certain data from appearing as search results.

In 2013, the Trend Micro report found the most popular Chinese underground offerings were compromised hosts, DDoS attack tools and services, and remote access Trojans (RATs)5.

This year, researchers discovered new social engineering toolkits.

Social Engineering Master (社工大师) is one such tool. It allows cyber criminals to search through leaked data, send spoofed emails, and create fake IDs using templates, among others, for a meagre sum of ~RMB 317 (A$69).

Users who access Social Engineering Master are automatically redirected to an
online payment page if they want to avail themselves of its products and services.

The non-cash transaction volume in China has grown worldwide, especially in China—expected to reach 27% this year.

Cyber criminals have been quick to jump on this bandwagon. They now offer POS and ATM skimmers to interested buyers at fairly reasonable prices.

POS skimmers can be bought on the business-to-business (B2B) e-commerce site, These devices are bought by retailers (RMB 5,000 (A$1,086))who then resell them to small businesses that are always on the lookout for the most reasonable prices. These resellers may or may not know that the gadgets they are peddling have been tampered with. They are quite sophisticated, with some offering an SMS-notification feature that allows the cyber criminal to access the stolen data remotely every time the device is used.

Another device that’s still popular is the ATM skimmer, a keypad overlay used to steal victims’ PINs. Priced at RMB 2,000 (A$434), these keypads come with a small memory chip that saves all captured PINs for retrieval later.

The third type of skimmer available—pocket skimmers—are small magnetic card readers that can store up to 2,048 payment cards. They do not need to be physically connected to a computer or a power supply to work. All captured data can be downloaded onto a connected computer. They are used by unscrupulous store staff to steal track data from unwitting customer cards.

These products also have a thriving training support industry.

Trend Micro says that similar offerings designed to abuse Internet of Things (IoT) devices can also be seen in the Chinese underground.

It adds that the hardware together with the anonymous forums will usher in a new wave of more skilled and confident cyber criminals in China in future.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]




Recent Comments