IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mobile fraud campaign nabs millions from US and EU banks

Hackers used emulators to access thousands of customer accounts repeatedly

Woman's hand on a smartphone showing a mobile banking app

Security researchers have discovered a major mobile banking fraud operation that stole millions of dollars from financial institutions in Europe and the US before being intercepted and halted.

According to a report by IBM Trusteer, cyber criminals used an infrastructure of mobile device emulators to set up thousands of spoofed devices and access thousands of compromised bank accounts. 

“In each instance, a set of mobile device identifiers was used to spoof an actual account holder’s device, likely ones that were previously infected by malware or collected via phishing pages,” said researchers.
Shachar Gritzman, mobile malware researcher at IBM said the gang used automation, scripting, and potentially access to a mobile malware botnet or phishing logs to initiate and finalize fraudulent transactions at scale.

“In this automatic process, they are likely able to script the assessment of account balances of the compromised users and automate large numbers of fraudulent money transfers being careful to keep them under amounts that trigger further review by the bank,” Gritzman said.

In some cases, hackers used over 20 emulators in the spoofing of well over 16,000 compromised devices.

“The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack,” said Gritzman.

Gritzman said to defend against future attacks on mobile devices, users should avoid jailbreaking or rooting any devices, ensure all system updates and app updates take place on time, and obtain apps directly from official app stores.

Tom Davison, technical director – international at Lookout, told ITPro that this attack demonstrates the extraordinary lengths that today's well-funded and professional cyber criminal groups will go to when the end justifies the means. 

“Mobile devices present a multiplier effect as they become the mainstream platform for online banking.  Consumer users need to protect themselves by understanding that mobile devices are not immune.  It really is important to keep them updated, but also to verify the safety of installed apps and the validity of links being clicked,” Davison said.

“For the banks, the challenge comes from the huge range of devices being used to access their services which are not under their control. These may be insecure or already compromised.  Customer education helps, but it is also critical to employ run-time application security to spot infected customer devices and block the opportunity for fraud."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Revolutionising the lending process with IBM Cloud Paks
Whitepaper

Revolutionising the lending process with IBM Cloud Paks

1 Apr 2022
Injecting simplicity, speed, and innovation in core insurance processes
Whitepaper

Injecting simplicity, speed, and innovation in core insurance processes

1 Apr 2022
The new normal: The future role of finance
Whitepaper

The new normal: The future role of finance

10 Mar 2022
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022