[German]Security researchers from IBM Trusteer have openly lived a large-scale fraud campaign. Those behind it were able to steal millions from banks in the US and EU using cell phone emulator farms.
Advertising
IBM Security Trusteer's mobile security research team recently uncovered a large-scale mobile banking fraud operation that was able to steal millions of dollars from financial institutions in Europe and the U.S. within days of each attack before it was intercepted and stopped. I came across this IBM Trusteer blog post via the following tweet, among others.
Accounts emptied via cell phone emulator farms
The cyber criminals operated cell phone emulator farms for this purpose, injecting the credentials of cracked bank accounts into the emulated devices. It is believed that the credentials were captured from victims' devices through phishing or malware.
IBM security researchers write that this was the work of a professional and organized gang that can use such an infrastructure of mobile device emulators to set up thousands of fake devices that accessed thousands of compromised accounts.
Using automation, scripts, and possibly access to a mobile malware botnet or phishing protocols, the attackers, who have the victim's username and password, initiate and complete fraudulent transactions on a large scale.
Advertising
In this automated process, the fraudsters are likely to script the evaluation of the compromised users' account balances. The goal is to process a large number of fraudulent money transfers in an automated manner. In doing so, the fraudsters take care to keep these transactions below the amounts that trigger further verification by the bank.
Unprecedented scale
Security researchers write that the scale of this operation has reached unprecedented levels. In some cases, they say, more than 20 emulators were used to spoof well over 16,000 compromised devices. The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars within a few days each time. After the digital heist, the attackers shut down emulator farm operations, erase traces and prepare for the next attack. IBM security researchers therefore published this blog post with more details to warn about the dangers.
