Hackers used mobile emulators to spoof thousands of cell phones, allowing them to steal millions of euros / dollars in a matter of days. Targeting financial institutions in Europe and the USA, the hackers who orchestrated this fraud operation relied on more than 20 emulators to spoof over 16,000 mobile phones and gain access to compromised accounts.
Cell phone IDs were used to spoof account holders' devices, but in some cases hackers created new IDs to make it look as if the user was accessing the account from a new device. They also used credentials stolen from infected systems or through phishing.
The IBM Security Trusteer researchers who discovered this malicious operation reported that, using automation, scripting and possible access to a mobile malware botnet or phishing logs, the hackers, who have the victim's username and password, make "fraudulent" transactions.
Using the network of thousands of spoofed devices, hackers repeatedly broke into the accounts of thousands of people and stole millions of euros / dollars in just a few days. Such attacks can target any financial application, even those where approval relies on codes sent by SMS or e-mail.
The cybercriminals behind this operation probably possessed account holders' usernames and passwords, gained access to device IDs and other data, most likely from compromised devices, and were able to obtain the content of SMS messages.
In addition, they used a custom automation environment to target cost-effective applications, a set of virtual mobile emulators to spoof a larger number of devices, and network interception scripts to carry out transactions and monitor communications.
Also, using legitimate applications, hackers tested their emulators to ensure that they would "pass" as real devices. They also utilized a custom application that automatically delivered the necessary device parameters to the emulator, while matching the device with the account holder's username and password.
In one attack, a single emulator was used to spoof over 8,000 mobile phones. Attackers also created custom applications that mimic the target application, and they closely monitored how the target applications reacted to connections from their spoofed devices.
IBM researchers point out that behind this operation is probably an organized criminal group with access to technical programmers specialized in mobile malware and to people with experience in fraud and money laundering. These characteristics are found in gangs like TrickBot or the gang known as Evil Corp.
Security investigators also found fraud-as-a-service offers in underground markets that promise paying subscribers access to similar operations. This suggests not only that any cybercriminal can carry out similar attacks, but also that financial institutions can be targeted in almost any country.