Cloud Phones: The Invisible Threat


What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.

However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

    November 18, 2020

    The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...

  • APT10: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign

    November 17, 2020

    A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-gathering operation. Companies in multiple sectors are targeted in this campaign, including those operating in the automotive, pharmaceutical, and engineering sector, as well as managed service providers (MSPs). The scale and sophistication of ...

  • More than 200 systems infected by new Chinese APT ‘FunnyDream’

    November 17, 2020

    A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender. The attacks ...

  • Information Leakage in AWS Resource-Based Policy APIs

    November 17, 2020

    Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts. Researchers confirmed that 22 APIs across 16 different AWS services could be abused the same way and the exploit works across all three AWS ...

  • Cybercriminal ‘Cloud of Logs’ – The Emerging Underground Business of Selling Access to Stolen Data

    November 16, 2020

    In this latest research by the Trend Micro Forward-Looking Threat Research (FTR) team, we take a closer look at an emerging underground market that is driven by malicious actors who sell access to troves of stolen data, frequently advertised in the underground as “clouds of logs.” This underground market affects not just users whose credentials ...

  • Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

    November 16, 2020

    The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a ...