Denis Maslennikov, Kaspersky Lab
In Russia, the vast majority of cell phone SIM cards are prepaid. One of the major Russian operators offers a fully legal service which allows anyone who uses an operator's SIM card to transfer the prepaid amount of money from a SIM card to:
Unfortunately, this 'feature' is already actively exploited by cybercriminals. First, they buy a number of SIM cards. This is done in order to have a pool of anonymous cell phone numbers. These numbers are then used in ransomware, mobile malware and SMS scam campaigns.
Ransomware is a group of malicious applications which block users' computers, sometimes by showing various kinds of annoying pop-up pornography windows. To unlock the PC, the ransomware asks the infected user to pay a ransom by replenishing a particular cell phone number with a standard amount of money (e.g. $10, $20, $30).
In the case of mobile malware, there are already many SMS trojans. These usually send two SMS messages. The first one creates a transfer from the infected phone's prepaid SIM card to the hacker's SIM card. The second SMS is sent in order to confirm the transfer completed successfully.
The SMS scam campaigns are hugely popular. They can be incredibly massive in scope. The SMS messages contain a 'phishy' text asking the user to top up a particular cell phone number. Examples include: 'Mom, I'm in trouble. Please replenish +7905******* for $10, I'll explain everything later.' The Moscow underground bombing in March 2010 and the Domodedovo explosion this year were also abused by cybercriminals. In both cases, cybercriminals performed SMS scam campaigns related to them.
When a pool of cell phone numbers used by cybercriminals has been topped up with credit, they need to launder the money. This is where the Beeline service comes in handy. To cash in, they use various techniques:
Lately, cybercriminals have also used mediators (money mules) who help with money laundering in several ways - via SMS messages to premium rate numbers, WebMoney, carded credit cards and others. There are a lot of advertisements on the hackers' forums where people offer their services and help in money laundering.
This particular set of conditions has created some very prosperous underground businesses that, as far as we know, are unique to Russia. In this presentation, we will show the particular methods used by the criminals, how they make money and, most importantly, how much money they are making.