2 min read

Attackers Use Mobile Emulators on an Unprecedented Scale to Steal Millions of Dollars in a Few Days

Silviu STAHIE

December 23, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Attackers Use Mobile Emulators on an Unprecedented Scale to Steal Millions of Dollars in a Few Days

Attackers set up a network of mobile emulators capable of spoofing devices of real banking customers from the United States and Europe, according to an investigation from IBM Trusteer.

The process of stealing someone”s banking information is not easy, but setting up a system in which attackers use that data in an automated way, permitting them to hit thousands of targets in the course of a few days, is not so common.

The automation process is possible with the help of mobile emulators that act like the real devices. After attackers get their hands on valid customer accounts, in conjunction with compromised devices, they spoof real devices and steal a lot of money in a very short amount of time.

“The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices,” said IBM. “The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.”

To carry out an attack of this magnitude, attackers need a lot of information, usually including the account holders” usernames and passwords, access to mobile identifiers, and SMS message contents (to bypass two-factor authentication.) These last two conditions imply that spoofed mobile devices are already infected with malware.

Even if the compromised device and the emulator are in different countries, the software could spoof the GPS location.

“When a compromised device operated from a specific country, the emulator spoofed the GPS location. From there, it connected to the account through a matching virtual private network (VPN) service,” IBM also said.

The operation lasted only a few days, then the attackers closed shop and erased all traces. Security researchers say they are likely ramping up for another campaign, so they issued a warning to financial institutions to protect their customers” information better and implement security solutions to deter this type of fraud.

Customers are not without obligations in this situation. They should be wary of unsolicited SMS messages, never install apps from unknown sources, regularly check banking statements to spot anomalies and use security solutions on mobile devices.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Malware Posing as Ransomware Responsible for Ukraine Cyberattack Malware Posing as Ransomware Responsible for Ukraine Cyberattack
Silviu STAHIE

January 17, 2022

2 min read
Russian Authorities Cuff Last Remaining REvil Suspects Russian Authorities Cuff Last Remaining REvil Suspects
Filip TRUȚĂ

January 17, 2022

2 min read
Android 12 protects phones from Stingray attacks, lets users disable 2G Android 12 protects phones from Stingray attacks, lets users disable 2G
Radu CRAHMALIUC

January 14, 2022

1 min read