What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.
However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
May 25, 2021
Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels ...
- Russian dark web marketplace Hydra cryptocurrency transactions reached $1.37bn in 2020
May 25, 2021
An investigation into the Hydra marketplace has revealed surging transaction volumes and a thriving — albeit illicit — cryptocurrency ecosystem. On Tuesday, Flashpoint and Chainalysis jointly released a report into Hydra, a marketplace in the dark web. At its inception in 2015, Hydra was well-known for the sale of narcotics, but as time has gone on, the ...
- VMware warns of critical bug affecting all vCenter Server installs
May 25, 2021
VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs to be considered at once,” said Bob Plankers, Technical Marketing Architect at VMware. Read more… Source: Bleeping Computer
- Iranian hacking group targets Israel with wiper disguised as ransomware
May 25, 2021
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims’ networks for months in what looks like an extensive espionage campaign. The threat actor, tracked as Agrius by SentinelLabs researchers, has targeted Israel starting with December 2020. “Initially engaged in espionage activity, Agrius deployed a set ...
- TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
May 25, 2021
Kubernetes is the most widely adopted container orchestration platform for automating the deployment, scaling, and management of containerized applications. Unfortunately, like any widely used application, it makes for an attractive target for threat actors as they are often misconfigured, especially those running primarily in cloud environments with access to nearly infinite resources. This article will ...
- Russian to be deported after foiled Tesla ransomware plot
May 24, 2021
A Russian man was sentenced Monday to what amounted to time already served in U.S. government custody and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing ...

