Infosecurity Magazine reports that threat actors have been increasingly exploiting cloud phones, or virtualized Android devices operating on remote servers, to conduct financial fraud operations.
Cloud phones have been leveraged to establish dropper accounts, or bank accounts for storing and transferring illicit funds, an analysis from Group-IB showed. Such accounts have driven Authorized Push Payment fraud losses in the UK to reach $649 million in 2022.
Additional findings revealed easily accessible fraud infrastructure enabled by cloud phone platforms, which offer affordable virtual devices to malicious actors.
Operators of the platforms have also begun peddling pre-verified bank accounts associated with the devices over the dark web, effectively bypassing fraud detection systems.
With traditional device fingerprinting being less effective in protecting cloud phones, organizations have been urged to implement device fingerprinting alongside network intelligence and behavioral modeling, as well as graph-based risk analysis for improved related account discovery and new account tracking.
Cloud phones have been leveraged to establish dropper accounts, or bank accounts for storing and transferring illicit funds, an analysis from Group-IB showed. Such accounts have driven Authorized Push Payment fraud losses in the UK to reach $649 million in 2022.
Additional findings revealed easily accessible fraud infrastructure enabled by cloud phone platforms, which offer affordable virtual devices to malicious actors.
Operators of the platforms have also begun peddling pre-verified bank accounts associated with the devices over the dark web, effectively bypassing fraud detection systems.
With traditional device fingerprinting being less effective in protecting cloud phones, organizations have been urged to implement device fingerprinting alongside network intelligence and behavioral modeling, as well as graph-based risk analysis for improved related account discovery and new account tracking.




