Researchers from IBM Trusteer found a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days. “The data sources, scripts, and customized applications the gang created flowed in one automated process which provided speed that allowed them to rob millions of dollars from each victimized bank within a matter of days,” IBM Trusteer researchers Shachar Gritzman and Limor Kessem wrote. The cybercriminals used emulators to mimic thousands phones belonging to banks customers. They entered usernames and passwords into banking apps running on the emulators and initiated fraudulent money orders that siphoned funds out of the compromised accounts.
The crooks used device identifiers corresponding to each compromised account holder and spoofed GPS locations the device was known to use. The attackers were also able to bypass multi-factor authentication by accessing SMS messages. They intercepted communications between the spoofed devices and the banks’ application servers and also used logs and screenshots to track the operation over timeThe IBM Trusteer report doesn’t explain how the crooks managed to steal SMS messages and device IDs. The banks were located in the US and Europe.