IBM Security Trusteer’s mobile security research team has recently discovered a major mobile banking fraud operation that managed to steal millions of dollars from financial institutions in Europe and the US within a matter of days in each attack before being intercepted and halted, according to SecurityIntelligence.
This is the work of a professional and organized gang that uses an infrastructure of IBM Security Trusteer to set up thousands of spoofed devices that accessed thousands of compromised accounts. In each instance, a set of mobile device identifiers was used to spoof an actual account holder’s device, likely ones that were previously infected by malware or collected via phishing pages.
Using automation, scripting, and potentially access to a mobile malware botnet or phishing logs, the attackers, who have the victim’s username and password, initiate and finalize fraudulent transactions at scale. In this automatic process, they are likely able to script the assessment of account balances of the compromised users and automate large numbers of fraudulent money transfers being careful to keep them under amounts that trigger further review by the bank.
The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices. The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.
Trending Now… And Later
After responding to this massive attack, Trusteer researchers found that the robustness and sophistication of the operation’s automation environment were not a common sight in the cybercrime area. It is likely that those behind it are an organized group with access to skilled technical developers of mobile malware and those versed in fraud and money laundering. These types of characteristics are typical for gangs from the desktop malware realms, such as those operating TrickBot or the gang known as Evil Corp.
In subsequent attacks using the same tactics, researchers were able to see evolution and lessons learned when the attackers evidently fixed errors from past attacks. „This is indicative of an ongoing operation that is perfecting the process of mobile banking fraud.”
„Furthermore, our intelligence team has observed a trending fraud-as-a-service offering in underground venues that promises access to the same type of operation to anyone willing to pay for it, with or without the required skill. This lowers the entry bar for would-be criminals or those who plan to transition into the mobile fraud realm. It also means this at-scale automation scheme can be adapted to almost any financial institution in a variety of countries and territories and is likely to become a growing trend among cybercriminals.”
For more details follow the link: IBM Trusteer Exposes Massive Fraud Operation Facilitated by Evil Mobile Emulator Farms
„Tendinţele pe care le-am remarcat înainte de începerea pandemiei s-au accelerat pe perioada stării de urgenţă. Am văzut acest lucru ca o oportunitate, un tipping point pentru bancă. Post-pandemie nu avem cum sa ne întoarcem la comportamentul financiar pe care îl aveam până în februarie a.c. Relaţia românilor cu online-ul s-a schimbat. In plus, cardul fizic se va dematerializa. Vom asista la o scădere a cererii pentru cardurile fizice, respectiv la o creştere a preferinţei pentru componenta digitală a acestora.”