Taiwan Police Warns That Cheap Chinese Phones Have Scam Malware Preinstalled

Taiwan’s National Police Agency has identified almost 100 cases where scam accounts for a particular mobile game were created using numbers associated with phones made by one Chinese white label manufacturer, reports the Taipei Times. The police say the malware forwards messages to fraudsters so they can complete the creation of accounts for a mobile game where users purchase points with money. The fraudsters then profit by obtaining cash refunds on behalf of users who were duped into buying points.

The agency said that it traced most of the numbers to low-tech cellphones owned by older people who had never downloaded or even heard of the game.

Investigators then traced the phones to a white-label cellphone factory in China, which they suspect loaded Trojan software onto the devices that were sold in Taiwan with Taiwanese branding, unbeknownst to telecoms.

The police are focusing their efforts on persuading the mobile game company to restrict the sale of points, and on raising consumer awareness. Pursuing the criminals behind the scam may prove futile if they lie outside of Taiwan’s jurisdiction.

Most of the game accounts were registered with foreign IP addresses, limiting investigators’ ability to trace them, the [National Police] agency said.

This hybrid scam illustrates how criminals make money by taking advantage of intersecting weaknesses in ways that are difficult to anticipate. In this instance, the scam would not work if the malware could not be installed, the criminals could not obtain cash from the mobile game provider, or users were not fooled into purchasing game points.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.