Over 16,000 Emulated Mobile Devices Used to Steal Money From Bank Accounts
Security researchers have recently discovered a large-scale campaign in which fraudsters managed to drain millions of dollars from victims' bank accounts. The discovery was made by Trusteer, IBM's IT security division.
The attacks were carried out using mobile device emulators that can essentially create cloned copies of mobile phones. To obtain sufficient information to clone the devices in the first place, the bad actors behind the fraud campaign used data obtained from previously executed phishing and malware attacks.
Both VPN tunnels and GPS circumvention techniques were used alongside the emulators in the campaign. Additionally, the crooks used simulated identifiers for each device that were attached to each breached account. The combination of all those things allowed them to access victims' bank accounts and syphon money out of them.
Researchers with IBM reported that a huge network of emulators was employed by the cyber criminals and the campaign itself was massive in scale, leading to the theft of millions of dollars from a large number of victims.
IBM's Trusteer division reports that dozens of emulators were used to emulate around 16 thousand separate devices that had previously been compromised by some sort of malware attack. Over just a few short days, millions of dollars were drained out of the bank accounts associated with those phones and tablets.
The hackers were very careful to cover their tracks, doing their best to avoid detection and to avoid tripping any automatic online banking defenses. The sums of money they drained out of each individual account were relatively small and devices were never reused.
Once a device has been breached and compromised, allowing malicious emulation to commence, there is very little the victim can do to anticipate or stop similar frauds. However, keeping your device safe and secure in the first place, by following best practices and using two-factor authentication whenever possible, can minimize the risk of getting into trouble.