What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.
However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Finding and Decoding Multi-Step Obfuscated Malware
February 2, 2021
Recently, in the process of a threat investigation, Trend Micro researchers found an interesting event. A process (nslookup.exe) that tried to connect to a malicious URL that was already blocked by trend Micro solutions. We could have stopped at this point, but searching for the root cause is part of managed detection and response (MDR) — ...
- This Linux malware is hijacking supercomputers across the globe
February 2, 2021
A small but complex malware variant is targeting supercomputers worldwide. Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets. The cybersecurity ...
- SonicWall zero-day exploited in the wild
February 1, 2021
Cyber-security firm the NCC Group said on Sunday that it detected active exploitation attempts against a zero-day vulnerability in SonicWall networking devices. Details about the nature of the vulnerability have not been made public to prevent other threat actors from studying it and launching their own attacks. “We’ve seen it used by a single threat actor earlier ...
- UK Research and Innovation (UKRI) suffers ransomware attack
January 30, 2021
The UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services, one offering information to subscribers and the platform for peer review of various parts of the agency. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and ...
- Chopper ASPX web shell used in targeted attack
January 29, 2021
Based on Trend Micro researchers investigation, the Chopper web shell is dropped via a system token, potentially via a Microsoft Exchange Server vulnerability. One notable vulnerability in the Microsoft Exchange Server is CVE-2020-0688, a remote code execution bug. Microsoft issued a patch for this vulnerability in February 2020. However, the malicious actors behind this attack ...
- Fonix ransomware shuts down and releases master decryption key
January 29, 2021
The Fonix Ransomware operators have shut down their operation and released the master decryption allowing victims to recover their files for free. Fonix Ransomware, also known as Xinof and FonixCrypter, began operating in June 2020 and has been steadily encrypting victims since. The ransomware operation was not as widely active as others, such as REvil, Netwalker, ...

