Malicious mobile emulator farms are robbing US and EU banks


IBM Trusteer researchers have uncovered a fraud operation of a scale and automation not seen before: a network of mobile device emulators used to steal millions of dollars from bank accounts in just a few days.

The scale of the operation is unprecedented. For instance, in one of the cases, a criminal used 20 emulators to mimic more than 16,000 phones used by customers with compromised bank accounts.

In another case, one emulator was able to spoof more than 8,100 devices. That’s an astonishing number, which explains how they managed to haul so much in such a short time.

Gone in days

The thieves entered usernames and passwords into banking apps run on emulators and started making fraudulent money orders to get funds out of the compromised accounts. Emulators are normally used by legitimate developers to test how apps run on different devices.

To bypass the banks' protections, the crooks held device identifiers that corresponded to each compromised account and spoofed the GPS locations the real device had previously reported.

The device identifiers were most likely taken from the hacked devices. In other cases, the thieves posed as the legitimate owners of the phones, accessing their accounts from new devices.

Smooth criminals

The operation automated the entire chain: accessing accounts, initiating transactions, intercepting the second factor (SMS one-time codes), and using the stolen codes to complete the transactions. IBM Trusteer researchers Shachar Gritzman and Limor Kessem detailed all this in a post.

The data sources, scripts, and customized apps created by the gang fed into an automated process that allowed the rapid theft of millions of dollars from the victims in a matter of days.

After draining an account, the thieves retired the spoofed device that had accessed it and replaced it with a new one. It was sophisticated.
