Cloud Phones: The Invisible Threat


What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.

However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • U.S. Accuses North Korean Hackers of Stealing Millions

    February 17, 2021

    The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat (APT) known as Lazarus Group. The indictment broadens the scope of crimes that the DoJ has linked to Lazarus Group (and by extension, to North Korea). The feds also ...

  • Kia Motors America suffers ransomware attack, $20 million ransom

    February 17, 2021

    Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. Kia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has nearly 800 dealers in the USA with cars and SUVs manufactured out of West ...

  • Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed

    February 17, 2021

    Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers. The Safari bug, patched on Dec. 2 by Apple, was exploited by a malvertising campaign that redirected traffic ...

  • DDoS attacks in Q4 2020

    February 16, 2021

    Cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as ...

  • Security bugs left unpatched in Android app with one billion downloads

    February 16, 2021

    An Android application downloaded more than one billion times contains unpatched vulnerabilities that the app maker has failed to fix for more than three months. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users to share files with friends or between personal devices. The bugs can be exploited to run malicious code ...

  • DDoS attacks on Russian online retailers double in 2020

    February 16, 2021

    The number of DDoS attacks on Russian online retailers nearly doubled in 2020 compared to the previous year, the Rostelecom-Solar cyber security company said in a statement. “Online retail business has been in the focus of cyber criminals for several years. However, as customer demand for online retail services grew amid coronavirus restrictions, they became even ...