Two years after publishing our last report on the wares and services traded in the bustling Chinese underground, we found that the market’s operations have expanded further. Traditional malware designed to run on all platforms as well as mentorship and hacking services are still heavily present. But with time come new innovations—ones that are now gaining popularity among China’s tech-savviest crooks. New hardware and channels have gone beyond being mere proofs of concept (PoCs) to become the working models driving the cybercrime trends in China today. We saw increased Chinese underground activity over a 10-month period. Chinese-speaking cybercriminals, regardless of nationality, continued to abuse popular Web services like the instant-messaging (IM) app QQ to communicate with peers.
Through these channels, they offer botnet services used to instigate distributed denial-of-service (DDoS) attacks along with products like exploit kits. Our past explorations of the Chinese underground, including their thriving mobile underground [2], showed how quickly cybercriminals adapted to technological advancements and existing trends. 2015 was no different, as evidenced by the presence of several recently developed leaked-data search engines.