Massive fraud campaign sees millions vanish from online bank accounts

(Image credit: Shutterstock / Sapann Design)

Researchers have uncovered an extensive fraud campaign that saw millions of dollars drained from victims’ online bank accounts.

The operation was discovered by experts at IBM Trusteer, the IT giant’s security division, who described the attack as unprecedented in scale.

To gain access to online banking accounts, the fraudsters are said to have utilized a piece of software known as a mobile emulator, which creates a virtual clone of a smartphone.

In this case, thousands of these emulated devices were used to infiltrate online banking accounts that had already been compromised in earlier malware and phishing attacks.

Having bypassed protections using GPS and VPN techniques and by simulating device identifiers attached to each account, the hackers were able to execute money orders that funnelled funds out of accounts.

Online banking fraud

Mobile emulation applications have various legitimate use cases, primarily in application development and pen testing, but can also be abused by cybercriminals. In this case, a large network of emulators were used to execute financial fraud on a mass scale.

“In some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices. The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days,” wrote Shachar Gritzman and Limor Kessman, researchers at Trusteer.

According to the pair, the attackers were careful to keep transactions under amounts that might trigger further investigation and, after completing the attack, were careful to cover their tracks.

“Each time the system used a device in a successful transfer, it was ‘recycled’ and replaced by another, unused device. The same happened when a device was blocked by financial institutions,” the researchers added.

While there is little individuals can do to shield against mobile emulation attacks of this sophistication, the theft of funds could not have occurred if accounts had not been compromised in advance. Therefore, using a password manager to generate strong, unique passcodes and exercising caution when opening files delivered via email will go at least some way to keeping mobile users protected.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.