Hackers Deploying Virtual Android Phones To Bypass Bank Security, Empty Users’ Accounts: Cybersecurity Researchers

Cybercriminals are now using virtual phones to fool the anti-fraud protections of banks and drain customers’ accounts.

Citing the cybersecurity firm Group-IB, Malwarebytes researcher Pieter Arntz says criminals are renting cheap internet-based Android smartphones and using them to bypass banks’ security checks.

“The start of an attack is still social engineering. Criminals try to trick users into sharing one-time passwords (OTPs), approve a login or make a transfer ‘to a safe account.’

Behind the scenes, the criminal logs into a cloud phone instance that already looks like the victim’s device to their bank, thanks to matching or plausible fingerprints and pre-warmed behavior. Once the criminals are in, they carry out authorized push payment (APP) transfers (often to money-mule accounts), that the bank’s systems may treat as low-risk because nothing about the device seems obviously wrong.

At that point the criminals can start emptying your account or sell the virtual phones to other criminals.”

Arntz says that the cybercriminals are renting the cloud phones from platforms that offer device rentals for just $0.10-$0.50 per hour, making the technology to commit the fraud widely accessible.

To stay safe from these cloud phone scams, Group-IB and Malwarebytes recommend people never share their one-time passwords (OTPs), approve unexpected logins, or make transfers to a “safe account.”

These are the classic social engineering tricks that let criminals in.

They say users should always double-check any bank request by contacting the bank directly through an official app or phone number, turn on transaction alerts and monitor accounts regularly to spot and stop anything suspicious right away. Follow us on X, Facebook and Telegram
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Surf The Daily Hodl Mix