Researchers found an ongoing global mobile banking fraud campaign capable of swindling millions from various US and EU banks within a matter of a few days.
What has happened?
A cybercriminal group has been using mobile emulator farms to get access to thousands of hacked accounts for using spoofed mobile devices.
- The scope of this attack was very vast, as more than 20 emulators were used to spoof over 16,000 compromised devices.
- An emulator can mimic characteristics of a different kind of mobile device without any need of purchasing them. In this attack, they were abused to spoof compromised mobile devices.
- The data sources, scripts, and customized applications created an automated process that speeds up their attack. It allowed them to rob millions of dollars within a matter of days.
Attackers automated the process of accessing accounts, initiating a transaction, obtaining and stealing a second factor (SMS), and using those codes to perform illicit transactions.
- The attackers used a tool to feed up device specifications from a database of earlier compromised devices. Then, they matched each spoofed device with the banking credentials of the account holders.
- The attackers were able to even spoof their compromised device's GPS location. They used a virtual private network (VPN) service to mask their malicious activity from the banks.
- After every attack, they shut down their operation, wiped trace, and then prepared for the next attack. In addition, they monitored activity on the compromised banking accounts in real-time.
It is challenging for organizations to mitigate fraud risk presented by sophisticated or organized crime groups. Thus, experts suggest avoiding jailbreaking, applying system/app updates, deleting apps no longer in use, using official app stores, checking bank statements, and reporting suspicious activity to banks.