A group of cybercriminals have used mobile emulators to simulate thousands of mobile devices, allowing them to steal millions of dollars in a matter of days.
According to experts from IBM Security Trusteer, as part of a mobile banking scam targeting financial institutions in Europe and the United States, criminals used about 20 emulators to simulate more than 16,000 mobile devices and access hacked accounts. Mobile device IDs were used to mimic the phones of the account holders, but in some cases attackers set new IDs to make it appear as if the user was accessing the account from a new device. They also used credentials stolen from infected systems or through phishing attacks.
The attackers allegedly automated the valuation of accounts and the initiation of fraudulent money transactions, and kept the transferred amounts small so that their actions would not trigger further verification by the bank.
“Once an attack has been carried out, attackers terminate the operation, erase their traces and prepare for the next attack,” the researchers explain.
Criminals could attack any financial application, even those that use codes sent in SMS messages or e-mail to confirm transactions.
The attackers also created specialized applications that mimic the legitimate versions of the targeted applications, and analyzed how the programs react to connections from their fake devices.
“It is likely that behind this operation is an organized group with access to qualified technical developers of mobile malware and experts in the field of fraud and money laundering. Such characteristics are typical for such criminals as the operators of TrickBot or the Evil Corp,” the experts noted.