According to its most recent research, Trend Micro has found that China’s tech-savvy crooks are trading in social engineering tools, point-of-sale (POS), automatic teller machine (ATM) and card skimmers, as well as personal data.



Every industry needs a marketplace. The Chinese cybercriminal market meets through CnSeu (cnseu.pw/), a forum for trading leaked data. CnSeu provides users a means to communicate with peers about various topics related to cybercrime resources, tutorials, and tools. Users buy and sell leaked data using forum coins or credit points that can be purchased on Alipay with corresponding amounts in RMB (RMB 1 = 10 forum coins = A$0.22).



While these types of forums keep cyber criminals connected with one another, they have come up with even better ways to offer stolen data. SheYun, a search engine specifically created to make leaked data available to users, is one such way.



SheYun’s search database contains leaked data ranging from bank account credentials to poker account information; users simply have to provide usernames (输入用户名), QQ details, and email addresses to use its services.



SheYun also has a government database that its users can get information from, and ironically, a privacy protection feature for those who wish to prevent certain data from appearing as search results.





In 2013, the Trend Micro report found the most popular Chinese underground offerings were compromised hosts, DDoS attack tools and services, and remote access Trojans (RATs)5.This year, researchers discovered new social engineering toolkits.Social Engineering Master (社工大师) is one such tool. It allows cyber criminals to search through leaked data, send spoofed emails, and create fake IDs using templates, among others, for a meagre sum of ~RMB 317 (A$69).Users who access Social Engineering Master are automatically redirected to anonline payment page if they want to avail themselves of its products and services.The non-cash transaction volume in China has grown worldwide, especially in China—expected to reach 27% this year.Cyber criminals have been quick to jump on this bandwagon. They now offer POS and ATM skimmers to interested buyers at fairly reasonable prices.POS skimmers can be bought on the business-to-business (B2B) e-commerce site, 1688.com. These devices are bought by retailers (RMB 5,000 (A$1,086))who then resell them to small businesses that are always on the lookout for the most reasonable prices. These resellers may or may not know that the gadgets they are peddling have been tampered with. They are quite sophisticated, with some offering an SMS-notification feature that allows the cyber criminal to access the stolen data remotely every time the device is used.Another device that’s still popular is the ATM skimmer, a keypad overlay used to steal victims’ PINs. Priced at RMB 2,000 (A$434), these keypads come with a small memory chip that saves all captured PINs for retrieval later.The third type of skimmer available—pocket skimmers—are small magnetic card readers that can store up to 2,048 payment cards. They do not need to be physically connected to a computer or a power supply to work. All captured data can be downloaded onto a connected computer. They are used by unscrupulous store staff to steal track data from unwitting customer cards.These products also have a thriving training support industry.Trend Micro says that similar offerings designed to abuse Internet of Things (IoT) devices can also be seen in the Chinese underground.It adds that the hardware together with the anonymous forums will usher in a new wave of more skilled and confident cyber criminals in China in future.