Using a network of mobile device emulators, IBM Trusteer researchers believe they’ve discovered a large fraud operation that drained millions of dollars from online bank accounts in a couple of days.
The researchers had never seen anything quite like it before. In one instance, criminals used around 20 emulators to simulate more than 16,000 phones belonging to consumers whose mobile bank accounts had been compromised.
They then logged into the banking applications on the emulators with the stolen credentials and issued fraudulent money orders that drained the victims' accounts. Emulating a range of mobile devices is, by itself, an essential and legitimate practice for app developers and researchers.
To evade the banks' defences against such attacks, the crooks used the device IDs and spoofed GPS locations known to be associated with each compromised account holder. The device IDs were presumably obtained from compromised devices; in other cases the scammers posed as customers logging in to their accounts from brand-new phones. To get around multi-factor authentication, the attackers intercepted SMS messages.
In a blog post, IBM Trusteer researchers Shachar Gritzman and Limor Kessem reported that the operation involved automated access to accounts, initiation of a transaction, receipt and theft of the second factor (SMS in this case), and in many cases use of those codes to execute unlawful transactions. The automation of the data sources, scripts, and bespoke apps the gang constructed made it possible to loot millions of dollars from each victimised bank within a few days.
Each time an account was successfully emptied, the fraudsters replaced the spoofed device that had accessed it with a completely new one. If a bank's anti-fraud system rejected the attackers, they likewise switched to a new device. IBM Trusteer observed that the operators ran the campaign in distinct attack 'legs' over time: to avoid being tracked, they would end one operation and begin a new one, wiping their tracks clean of any previous activity.
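The pattern just described, a never-before-seen device logging in and immediately moving money, with each such device used once and then discarded, is something a bank's fraud analytics can look for. The following is an added illustration of such detection logic, not code from IBM Trusteer or from the report; the event fields, the account and device identifiers, and the thresholds are all constructed for the example. Because the article notes that GPS locations were spoofed to match the real account holder, geolocation alone is deliberately not used as a signal here.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One authentication or transaction event (constructed schema, hypothetical)."""
    ts: datetime
    account: str
    device_id: str
    action: str  # "login" or "transfer"


def _t(s):
    return datetime.fromisoformat(s)


# Devices each account holder has used before (constructed baseline).
KNOWN_DEVICES = {
    "acct-001": {"dev-A1"},
    "acct-002": {"dev-B7"},
    "acct-003": {"dev-C3"},
}

# Constructed event stream. acct-001 is normal activity from a known device;
# acct-002 and acct-003 show the article's pattern: an unknown device logs in,
# transfers within minutes, and that device is never seen again.
EVENTS = [
    Event(_t("2020-12-01T09:00:00"), "acct-001", "dev-A1", "login"),
    Event(_t("2020-12-01T09:05:00"), "acct-001", "dev-A1", "transfer"),
    Event(_t("2020-12-01T09:10:00"), "acct-002", "dev-X91", "login"),
    Event(_t("2020-12-01T09:11:00"), "acct-002", "dev-X91", "transfer"),
    Event(_t("2020-12-01T09:12:00"), "acct-003", "dev-X92", "login"),
    Event(_t("2020-12-01T09:13:30"), "acct-003", "dev-X92", "transfer"),
    Event(_t("2020-12-02T10:00:00"), "acct-001", "dev-A1", "login"),
]


def flag_new_device_transfers(events, known_devices, window=timedelta(minutes=10)):
    """Return (account, device_id) pairs where a device the account has never used
    logs in and a transfer from that same device follows within `window`."""
    flagged = set()
    last_login = {}  # (account, device_id) -> timestamp of most recent login
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.account, ev.device_id)
        if ev.action == "login":
            last_login[key] = ev.ts
        elif ev.action == "transfer" and key in last_login:
            is_new = ev.device_id not in known_devices.get(ev.account, set())
            if is_new and ev.ts - last_login[key] <= window:
                flagged.add(key)
    return flagged


def one_shot_devices(events):
    """Device IDs that appear for exactly one account on exactly one day.
    A burst of such devices matches the use-once-then-discard churn described."""
    accounts = defaultdict(set)
    days = defaultdict(set)
    for ev in events:
        accounts[ev.device_id].add(ev.account)
        days[ev.device_id].add(ev.ts.date())
    return {d for d in accounts if len(accounts[d]) == 1 and len(days[d]) == 1}


def churn_alert(events, known_devices, threshold=2):
    """Count distinct never-before-seen devices across all accounts in the batch.
    Returns (alert, sorted device list); the threshold is a placeholder to be
    tuned against the bank's own baseline of legitimate new-device enrolments."""
    new = {ev.device_id for ev in events
           if ev.device_id not in known_devices.get(ev.account, set())}
    return len(new) >= threshold, sorted(new)


if __name__ == "__main__":
    print("new-device transfers:", flag_new_device_transfers(EVENTS, KNOWN_DEVICES))
    print("one-shot devices:", one_shot_devices(EVENTS))
    print("churn alert:", churn_alert(EVENTS, KNOWN_DEVICES))
```

The three signals are weak individually (customers do buy new phones) but strong in combination: a fleet-wide spike of first-seen devices, each tied to one account, each making a transfer minutes after first login. Feeding the flagged pairs into a step-up check that does not rely on SMS is the natural follow-on.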
According to the researchers, the bank accounts may have been compromised through malware or phishing campaigns. The IBM Trusteer report does not explain how the thieves were able to obtain the SMS messages and device identifiers. Banks in the United States and Europe were targeted.
The attackers monitored the traffic between the spoofed devices and the banks' application servers to track the status of the operation in real time, and also followed its progress using log files and images. As the operation went on, the researchers observed, the attackers refined their techniques.
This prompts the usual security advice: use strong passwords, learn to recognise phishing attempts, and keep devices free of malware. Ideally, banks would offer second-factor options other than SMS, but this is still uncommon. To catch fraudulent activity, customers should review their bank statements at least once a month.