Banks lose millions of dollars in mobile hack

IBM Security has discovered a major mobile banking fraud operation that managed to “steal millions of dollars” from financial institutions in Europe and the US “within a matter of days”.

IBM Security's Trusteer mobile security research team said that the attacks have now been intercepted and halted.

They added: “This was the work of a professional and organised gang that used mobile device emulators to set up thousands of spoofed devices that accessed thousands of compromised accounts.”

Mobile emulators are legitimate software used for virtualisation needs.

An emulator can mimic the characteristics of a variety of mobile devices without the need to purchase them, and is typically used by developers to test applications and features on a wide array of device types.

In each attack instance, a set of mobile device identifiers was used to spoof an actual account holder’s device; the identifiers likely came from devices previously infected by malware or were collected via phishing pages.

Using automation, scripting and potentially access to a mobile malware botnet or phishing logs, the attackers, who had the victims' usernames and passwords, initiated and finalised fraudulent transactions “at scale.”

They automated large numbers of fraudulent money transfers, being careful to keep them under amounts that triggered further review by the banks.

“The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices,” said Shachar Gritzman, a mobile malware researcher at IBM Security's Trusteer.

“The attackers used these emulators to repeatedly access thousands of customer accounts and ended up stealing millions of dollars in a matter of just a few days in each case.”

After each spree, he said, the attackers shut down the operation, wiped traces and prepared for the next attack.

Gritzman added: “Given the size and scale of this attack, we published details of it to urgently raise awareness to the sophistication of the campaign, and to help financial institutions prepare for potential similar attacks on their customer base.”
