Cloud Phones: The Invisible Threat


What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block.

However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • REvil ransomware creates eBay-like auction site for stolen data

    June 2, 2020

    ​The operators of the REvil ransomware have launched a new auction site used to sell victim’s stolen data to the highest bidder. REvil, otherwise known as Sodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services, spam, exploits, and hacked Managed Service Providers. Once established on a network, they quietly spread laterally through the company while stealing ...

  • Severe Cisco DoS Flaw Can Cripple Nexus Switches

    June 2, 2020

    Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus switches – and launch a denial of service (DoS) attacks on the devices. “A successful ...

  • New cold boot attack affects seven years of LG Android smartphones

    June 2, 2020

    South Korean phone manufacturer LG has released a security update last month to fix a vulnerability that impacts its Android smartphones sold over the past seven years. The vulnerability, tracked under the identifier of CVE-2020-12753, impacts the bootloader component that ships with LG smartphones. Separate from the Android OS, the bootloader is a piece of firmware specific ...

  • Factory Security Problems from an IT Perspective (Part 3): Practical approach for stable operation

    June 1, 2020

    This article is the last in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. As explained in the first two articles, a factory network that accounts for diverse conditions and environments requires a well-balanced consideration ...

  • Minneapolis Police Department Hack Likely Fake, Says Researcher

    June 1, 2020

    As protests continue to proliferate across the globe in the wake of George Floyd’s death, the Minnesota Police Department is making news for something else: A supposed hack, perpetrated at the hands of the Anonymous hacktivist group. According to Troy Hunt at Have I Been Pwned (HIBP), the group of allegedly ill-gotten email addresses and passwords ...

  • Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module

    May 28, 2020

    First discovered in 2016, TrickBot is an information stealer that provides backdoor access sometimes used by criminal groups to distribute other malware. TrickBot uses modules to perform different functions, and one key function is propagating from an infected Windows client to a vulnerable Domain Controller (DC). TrickBot currently uses three modules for propagation. As early as April ...