
Attackers Use Mobile Emulators on an Unprecedented Scale to Steal Millions of Dollars in a Few Days

Silviu STAHIE

December 23, 2020


Attackers set up a network of mobile emulators capable of spoofing devices of real banking customers from the United States and Europe, according to an investigation from IBM Trusteer.

Stealing someone's banking information is not easy, but it is uncommon for attackers to set up a system that uses that data in an automated way, permitting them to hit thousands of targets in the course of a few days.

The automation process is possible with the help of mobile emulators that act like the real devices. After attackers get their hands on valid customer accounts, in conjunction with compromised devices, they spoof real devices and steal a lot of money in a very short amount of time.

“The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices,” said IBM. “The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.”

To carry out an attack of this magnitude, attackers need a lot of information, usually including the account holders' usernames and passwords, access to mobile identifiers, and SMS message contents (to bypass two-factor authentication). These last two conditions imply that the spoofed mobile devices are already infected with malware.

Even if the compromised device and the emulator are in different countries, the software could spoof the GPS location.

“When a compromised device operated from a specific country, the emulator spoofed the GPS location. From there, it connected to the account through a matching virtual private network (VPN) service,” IBM also said.

The operation lasted only a few days, then the attackers closed shop and erased all traces. Security researchers say they are likely ramping up for another campaign, so they issued a warning to financial institutions to protect their customers' information better and implement security solutions to deter this type of fraud.

Customers are not without obligations in this situation. They should be wary of unsolicited SMS messages, never install apps from unknown sources, regularly check banking statements to spot anomalies, and use security solutions on mobile devices.
