- Jan 24, 2011
A scheme that involved bribes, mobile apps, steganography, and a distraught antivirus maker allowed crooks to steal login credentials from Chinese merchants.
Malware operators utilized this particular attack scenario in China, where they bribed the employees of an authorized gaming company in order to embed samples of their malware in the source code of one of their many mobile apps.
Crooks bribed gaming company employees
The gaming company used its influence and past history to appeal to Qihoo 360, China's biggest antivirus maker, to whitelist the apps, so that Chinese users could install them from third-party app stores without being shown malware warnings.
According to security firm Check Point, Qihoo 360 appears to have trusted the mobile apps received from the gaming company and whitelisted them in its products without a thorough inspection.
But this was not a classic malware attack in any way or form. Instead of activating the malware on devices where the gaming apps were installed, crooks used a different scheme, which involved the Taobao.com marketplace, China's eBay clone.
If you're non-Chinese, some extra details are needed beforehand. Taobao doesn't work exactly as eBay does: instead of direct payments, it uses the Aliwanwang instant messaging application, which lets users send a picture of the product they want to buy to the store owner.
The store owner validates the purchase and requests payment via Alipay, Aliwanwang’s payment platform.
Read more: Sophisticated Bribe Scheme Helped Crooks Whitelist Malware on Chinese Antivirus