Cloud Phones: The Invisible Threat


What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.

However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords

    November 16, 2020

    A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems. Jupyter infostealer has been detailed by cybersecurity company Morphisec who discovered it on the network of an unnamed higher ...

  • Israeli companies targeted with new Pay2Key ransomware

    November 16, 2020

    Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained to Israel. “As days go ...

  • What Is SCM (Security Configuration Management)?

    November 16, 2020

    The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their ...

  • Lazarus malware strikes South Korean supply chains

    November 16, 2020

    Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. On Monday, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups — including offshoot entities ...

  • Malicious Actors Target Comm Apps such as Zoom, Slack, Discord

    November 16, 2020

    In our 2020 midyear report, we discussed how the Covid-19 pandemic had forced many organizations to shift from physical offices to virtual ones — a change that also led to the rise of messaging and video conferencing apps as indispensable tools for communication. While these apps have provided businesses a way of maintaining communication between ...

  • DarkSide ransomware’s Iranian hosting raises U.S. sanction concerns

    November 15, 2020

    Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran. When the DarkSide ransomware operation encrypts a network, their affiliates steal unencrypted files, which they threaten to release if a ransom is not paid. This double-extortion strategy is always under attack by ...