Telecom fraud: a Chinese variant on the Police Trojan explained

The Dongcheng sub-branch of Beijing’s Public Security Bureau called in Kaspersky Lab to investigate a telecom fraud case. What Kaspersky found was the evolution of China’s traditional fraud into something altogether more sophisticated. Traditionally, fraud in China has involved a phone call that tricks the victim into transferring cash to criminals via an ATM. Now, however, a combination of social engineering, phishing, a data-stealing trojan, and the fear factor of a police investigation has taken telecom fraud in China to a new level.

It still starts with a phone call. The targets are informed that they have been implicated in a financial crime and must co-operate with the investigation. They are told to check the website of the ‘Supreme Procuratorate of the People’s Republic of China’ to see if they are official suspects. Once there, they are asked to check the ‘online finance crime database’ – but to do this, the victims must download a plug-in.

“That alleged plugin,” Kaspersky found, “is, in fact, a customized teamviewer application. Once launched, it puts your computer under their complete control. They can use your machine for any operation, just like it was their own.”

But that’s not yet enough – the fraudsters still need the victims’ bank account details. These are obtained under the continued guise of having the victims check the database to find out if they are official suspects – to get into the database, the victims must enter their bank account details. The hope, clearly, is that the victims will consider it not unreasonable that their financial details are required for a financial investigation.

This is where the fear factor comes in. It is unlikely that Chinese citizens are less concerned about their own financial investigators than Americans are about IRS investigations – so it is not surprising that the demand for bank details under these circumstances is compelling. “But all of that sensitive data is immediately harvested by the fraudsters. With account numbers, passwords, USB keys and that teamviewer ‘plugin’ tool, the gang now has everything it needs to steal your money.”

And stealing your money just takes a few seconds. “By the time you realize you’ve been tricked, the criminals have already said their farewells and jumped into their virtual getaway car.”
