Lucky
Regular
- Joined
- 14.09.20
- Messages
- 98
- Reaction score
- 433
- Points
- 33
A group of cybercriminals used mobile emulators to simulate thousands of mobile devices, allowing them to steal millions of dollars in a matter of days.
According to experts from IBM Security Trusteer, as part of the mobile banking fraud aimed at financial institutions in Europe and the United States, criminals used about 20 emulators to simulate more than 16 thousand mobile devices and access hacked accounts. Mobile device IDs were used to mimic the phones of account holders, but in some cases, attackers installed new IDs to give the impression that the user was accessing the account from a new device. Credentials stolen from infected systems or through phishing attacks were also used.
the attackers allegedly automated the evaluation of accounts and the initiation of fraudulent money transactions, and tried to transfer small amounts so that their actions did not entail further verification by the bank.
"After the attack is carried out, the attackers stop the operation, erase the traces and prepare for the next attack," the researchers explain.
Criminals could attack any financial applications, even those that use codes sent in SMS messages or e-mail to confirm transactions.
The attackers also created specialized applications that mimic legitimate versions of targets, and analyzed how programs respond to connections from their fake devices.
"It is likely that behind this operation is an organized group that has access to qualified technical developers of malware for mobile devices and specialists in the field of fraud and money laundering. Such characteristics are typical for criminals such as trickbot operators or the Evil Corp group, " the experts noted.
According to experts from IBM Security Trusteer, as part of the mobile banking fraud aimed at financial institutions in Europe and the United States, criminals used about 20 emulators to simulate more than 16 thousand mobile devices and access hacked accounts. Mobile device IDs were used to mimic the phones of account holders, but in some cases, attackers installed new IDs to give the impression that the user was accessing the account from a new device. Credentials stolen from infected systems or through phishing attacks were also used.
the attackers allegedly automated the evaluation of accounts and the initiation of fraudulent money transactions, and tried to transfer small amounts so that their actions did not entail further verification by the bank.
"After the attack is carried out, the attackers stop the operation, erase the traces and prepare for the next attack," the researchers explain.
Criminals could attack any financial applications, even those that use codes sent in SMS messages or e-mail to confirm transactions.
The attackers also created specialized applications that mimic legitimate versions of targets, and analyzed how programs respond to connections from their fake devices.
"It is likely that behind this operation is an organized group that has access to qualified technical developers of malware for mobile devices and specialists in the field of fraud and money laundering. Such characteristics are typical for criminals such as trickbot operators or the Evil Corp group, " the experts noted.