The Register

Scammers have virtual smartphones on speed dial for fraud

Smartphones have fast become the basis of our digital identities, securing payment systems and bank accounts. Now virtual devices that pretend to be real handsets have become a key tool for financial scammers, according to one company. 

Security vendor Group-IB issued a report Wednesday into the misuse of ostensibly legitimate cloud phone platforms as tools for criminals to commit authorized push payment (APP) fraud. As with the social media abusers who came before them, fraudsters choose cloud phones because they appear to be entirely legitimate devices unless you know how to examine their telemetry. 

Traditional banks of actual smartphones are expensive and cumbersome to maintain. SIM farms, meanwhile, make use of so much emulation software to run ARM software on non-ARM hardware that they’re easy to detect, as they don’t give off data characteristic of actual smartphones.

Cloud phones, which run in virtual mobile infrastructure environments, are essentially the best of all worlds. There’s no bank of phones to waste energy on or keep updated. Software running in their environments closely mimics phone behavior, including providing each virtual Android phone with a unique device ID, IP address, and spoofed geolocation. They can even incorporate fake sensor data to make it appear as if each device actually exists in the physical world. 

Platforms that offer such services market their stack as being for those who need to manage multiple social media accounts, resellers avoiding platform spam limits, or anyone, in the words of one platform, who needs “high-volume outreach where ‘stealth’ is a requirement, not a luxury.” 

In other words, yes, these are “legitimate” companies – just ones operating in a rather gray area when it comes to acceptable use policy compliance. 

Cloud phones: Great money mules

According to the report, cybercriminals are increasingly using cloud phones for APP money transfers. APP fraud takes a number of forms, but all have one thing in common: convincing victims to send money to a scammer. And analysts expect losses from the scam to rise.

“We estimate authorized push payment fraud losses in the United States could increase to $14.9 billion by 2028 from an estimated $8.3 billion in 2024,” Deloitte said in a report last October. 

For APP fraudsters, cloud phones make the perfect devices. Because the phones emulated by cloud platforms appear entirely legitimate as far as financial institutions are currently concerned, transfers from scam victims to attacker-controlled accounts, which are then forwarded on to scammers via cloud devices with banking apps installed, never trigger fraud alerts. 

“To the bank’s fraud detection system, it will appear to be the same device accessing the account that has always accessed it – same hardware fingerprint, same telemetry, same behavioral patterns,” Group-IB explained. 

According to its research, cybercrime forums increasingly feature cloud phones pre-configured with finance apps and account login details that have been “pre-warmed” with a few transactions so as to appear legitimate. They go for anywhere from $50 to $200 apiece. 

In many cases, the report noted, undiscovered cloud phone usage is “the critical missing link in many APP fraud cases.”

Time for finance to rethink security?

Group-IB said that it has identified a couple of methods for identifying cloud phones. In both cases, unfortunately, spotting the stealthy devices might require a rethink of how financial institutions secure accounts. 

For example, many default apps that ship on smartphones are missing from cloud devices, while special management applications are installed instead. There are also behavioral anomalies to keep an eye on, the report noted: cloud devices often show a constantly charged battery and a lack of sensor motion during use sessions. 

Those types of device signals are often an afterthought for financial institutions, who have traditionally relied on knowledge-based authentication and fingerprinting via device IDs to ensure users are who they say they are. 
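As an added illustration, not code from the Group-IB report or the article, the following Python sketch scores one session's device telemetry against the signals described above (missing stock apps, a management agent present, a battery pinned at full charge, no sensor motion). The expected-app set, the management-agent package names, the thresholds and the two sample sessions are all constructed assumptions.

```python
from statistics import pvariance

# Stock apps one would expect on a consumer handset (constructed for this
# example; a real deployment would keep per-OEM baselines).
EXPECTED_DEFAULT_APPS = {"phone", "messages", "camera", "gallery", "clock", "calendar"}
# Package names of virtual-device management agents: assumed placeholders.
MANAGEMENT_APP_MARKERS = {"cloudphone.agent", "vmi.controller"}


def cloud_phone_indicators(session, motion_threshold=0.01):
    """Return the cloud-phone indicators present in one session's telemetry.

    session (constructed dict): installed_apps (iterable of package names),
    battery_levels (battery % samples over the session), accel_magnitudes
    (accelerometer magnitude samples over the session).
    """
    indicators = []
    apps = set(session["installed_apps"])
    missing = EXPECTED_DEFAULT_APPS - apps
    if len(missing) >= 3:  # a few missing apps is normal; most missing is not
        indicators.append(f"missing default apps: {sorted(missing)}")
    if apps & MANAGEMENT_APP_MARKERS:
        indicators.append("management agent installed")
    levels = session["battery_levels"]
    if len(levels) >= 2 and set(levels) == {100}:
        indicators.append("battery pinned at 100% for whole session")
    accel = session["accel_magnitudes"]
    if len(accel) >= 2 and pvariance(accel) < motion_threshold:
        indicators.append("no sensor motion during session")
    return indicators


def is_suspect(session, min_indicators=2):
    """Flag a session only when several independent signals line up."""
    return len(cloud_phone_indicators(session)) >= min_indicators


# Constructed sample sessions: a handset in someone's hand vs. a cloud device.
REAL_SESSION = {
    "installed_apps": EXPECTED_DEFAULT_APPS | {"bank"},
    "battery_levels": [87, 85, 84],
    "accel_magnitudes": [9.6, 9.9, 10.2, 9.7],
}
CLOUD_SESSION = {
    "installed_apps": {"phone", "cloudphone.agent", "bank"},
    "battery_levels": [100, 100, 100],
    "accel_magnitudes": [9.81, 9.81, 9.81],
}
```

Any one of these signals alone is weak (a phone left on a charger on a desk also shows a full battery and no motion), which is why the flag requires several to coincide.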

“The broader lesson is not that device fingerprinting has failed, it is that fraud detection must move beyond static device authenticity checks to multi-layered intelligence,” the report concluded, adding “device-environment correlation, infrastructure-level visibility, behavioral modeling, and graph-based analytics” as methods to catch some of the signals they highlighted.  ®
