Cybercriminals are now using virtual phones to fool the anti-fraud protections of banks and drain customers’ accounts.
Citing the cybersecurity firm Group-IB, Malwarebytes researcher Pieter Arntz says criminals are renting cheap internet-based Android smartphones and using them to bypass banks’ security checks.
Trending: Even Sabrina Carpenter Can’t Escape Accusations Of Islamophobia: “That’s Your Culture?”
“The start of an attack is still social engineering. Criminals try to trick users into sharing one-time passwords (OTPs), approve a login or make a transfer ‘to a safe account.’
Behind the scenes, the criminal logs into a cloud phone instance that already looks like the victim’s device to their bank, thanks to matching or plausible fingerprints and pre-warmed behavior. Once the criminals are in, they carry out authorized push payment (APP) transfers (often to money-mule accounts), that the bank’s systems may treat as low-risk because nothing about the device seems obviously wrong.
At that point the criminals can start emptying your account or sell the virtual
Continue reading
Join the conversation!
Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!