Cloud Phones: The Invisible Threat


What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.

However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor

    November 4, 2020

    As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze in the past from many other ...

  • VMware Issues Updated Fix For Critical ESXi Flaw

    November 4, 2020

    VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’s because certain versions that were affected were not previously covered in the earlier ...

  • Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources

    November 4, 2020

    Hackers need not search the dark web for access to their very own ransomware platforms these days. Cybercriminals are continually finding new ways to promote their underground businesses and gain the attention of new customers and novice hackers. Several threat actors have recently taken to popular social media and open sources like YouTube, Vimeo, and Sellix ...

  • REvil ransomware gang ‘acquires’ KPOT malware

    November 4, 2020

    The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month. The sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other projects. The sale was organized as a public auction on ...

  • Healthcare system facing ‘increased and imminent’ cyber threat

    November 3, 2020

    Federal agencies warn that cybercriminals are escalating their extortion attempts against the healthcare sector even as hospitals are facing a nationwide surge in Covid-19 cases. In a joint alert, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. The alert ...

  • Cybersecurity: One in three attacks are coronavirus-related

    November 3, 2020

    The UK’s National Cyber Security Centre (NCSC) is ‘stepping up support’ for the National Health Service to help protect UK hospitals and other healthcare organisations against cyberattacks. The NCSC’s Annual Review 2020 reveals that the cyber arm of GCHQ has handled more 200 cyber incidents related to coronavirus during the course of this year – almost ...