The latest information from IBM Security Trusteer’s mobile security research team indicatesthat hackers have been using ‘mobile emulators’ to steal millions from financial institutions in Europe and the USA.
How they did it?
They set up a network of mobile device emulators that were behind thousands of spoof devices able to access thousands of compromised accounts. A set of set of mobile device identifiers was used to spoof an actual account holder’s device, and in each case it is likely that these accounts had been infected by malware, or collected via phishing.
The hackers have the victim’s username and password, and using an automatic process are able to “script the assessment of account balances.” They can then automate large numbers of fraudulent transfers. These are never large enough to trigger bank scrutiny at the time.
How does an emulator work?
It mimics the characteristics of several mobile devices. They are often used by developers to test applications, but in the wrong hands they are a crime tool.
According to Finextra: “IBM Trusteer says that the scale of the operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices.”
IBM added, “”The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.”
IBM Trusteer’s intelligence team has also observed a trending fraud-as-a-service offer in underground venues, promising access to this type of operation to anyone willing to pay for it, with or without the required skill.
“This lowers the entry bar for would-be criminals or those who plan to transition into the mobile fraud realm,” says IBM, and is likely to become a growing trend amongst cybercriminals.