Criminals are renting virtual phones to bypass bank security
嗯,用户让我帮忙总结一篇文章,控制在100字以内,而且不需要特定的开头。首先,我需要通读整篇文章,抓住主要信息。 文章讲的是Group-IB的研究人员警告犯罪分子使用虚拟安卓设备绕过现代安全措施。这些虚拟设备可以模拟真实设备的指纹,包括型号、硬件、IP地址等等,从而绕过银行的设备检测机制。 接着,文章提到这些虚拟设备最初用于测试和提升统计数据,后来被犯罪分子用于诈骗。银行开始使用设备指纹来检测假设备,但犯罪分子又找到了新的方法,比如预热设备和使用云手机。 云手机在数据中心运行,看起来像真实设备,成本也很低。犯罪分子利用这些设备进行账户接管攻击和社会工程学诈骗。最后,文章给出了用户的安全建议。 现在我要把这些要点浓缩到100字以内。首先提到研究人员警告犯罪分子使用虚拟安卓设备绕过安全措施。然后说明这些设备如何模拟真实指纹和绕过检测。接着提到犯罪分子利用云手机进行诈骗和预热行为。最后总结银行面临的风险和用户需要注意的地方。 确保语言简洁明了,不遗漏关键点。检查字数是否在限制内,并且没有使用任何开头的固定句式。 </think> 研究人员警告犯罪分子利用虚拟安卓设备绕过现代安全措施。这些虚拟设备可模拟真实设备指纹(如型号、硬件、IP地址等),绕过银行基于设备的欺诈检测机制。犯罪分子通过“预热”设备(安装银行应用、注册凭证并运行小额交易)使账户和 telemetry 看起来低风险。云手机成本低廉且功能强大,使诈骗更容易实施。银行需警惕此类攻击并加强安全措施。 2026-3-27 13:34:44 Author: www.malwarebytes.com(查看原文) 阅读量:6 收藏

Researchers at Group-IB warn about criminals using virtual Android devices to bypass modern security solutions.

Cloud phones are virtual Android devices that can fully mimic real device fingerprints (model, hardware, IP, timezone, sensor data, behavior). This allows them to undermine banks’ device‑based fraud detection.

Originally, phone farms were made up of physical devices and were set up for testing. They grew in number when companies found out they could rent virtual phones and artificially raise engagement stats like follower counts, likes, shares, and so on. Further growth was driven by moving the infrastructure from physical phone farms to cloud phones.

At some point, cybercriminals figured out how to use these “rent-a-phones” to trick people into sharing access to banking accounts and crypto wallets, which were then emptied.

Banks caught on to these tactics and started building mobile apps that rely on device fingerprinting. This helped them detect and block fake devices taking over people’s accounts.

But as with any arms race, criminals found a way around that too. They now “pre‑warm” devices by adding banking apps, registering credentials, and running small transactions so accounts and device telemetry look low‑risk.

The researchers note that:

“They moved to cloud phones—remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation.”

And it’s not a big investment for the criminals. Major cloud phone platforms offer device rentals for as little as $0.10-0.50 per hour, making fraud infrastructure accessible to almost anyone.

One place these devices are used is in mobile games with real-money economies. These games have long struggled with a specific problem: bot farming of in-game currency and resources. In many cases, automated accounts can generate in-game items that have real-world value.

Banks face a different problem: account take-over (ATO) attacks. As banking shifted from web browsers to mobile apps, they needed more reliable and comprehensive ways to identify trusted devices. Many banks now bind accounts to specific devices and flag transfers that don’t come from that device.

The start of an attack is still social engineering. Criminals try to trick users into sharing one-time passwords (OTPs), approve a login, or make a transfer “to a safe account.”

Behind the scenes, the criminal logs into a cloud phone instance that already looks like the victim’s device to their bank, thanks to matching or plausible fingerprints and pre‑warmed behavior.

Once the criminals are in, they carry out authorized push payment (APP) transfers (often to money‑mule accounts), that the bank’s systems may treat as low‑risk because nothing about the device seems obviously wrong.

At that point the criminals can start emptying your account or sell the virtual phones to other criminals. According to the researchers:

“Darknet markets actively trade pre-verified dropper accounts created on cloud phones, with Revolut and Wise accounts priced at $50-200 each, often including continued access to the cloud phone instance.”

How to stay safe

The Group-IB researchers advise end users to:

  • Never complete account verification processes under third-party instruction. Keep in mind that banks and government institutions will not ask customers to authenticate accounts through unfamiliar apps or remote environments.
  • Enable device-based security features. Use official mobile banking apps, biometric authentication, and strong device-level security settings.
  • Be cautious of “easy income” schemes involving bank accounts. Fake job offers requiring you to “verify” bank accounts, government officials requesting account verification, bank representatives asking you to move money to “safe” accounts.
  • If you suspect that you have been targeted, contact your bank immediately. Update passwords and enable multi-factor authentication on all accounts.

We’d like to add:

  • Turn on banking alerts for logins, payee changes and transactions where possible so you see unusual activity immediately.
  • Use an up-to-date, real-time anti-malware solution for your Android device to detect and stop information stealers.
  • When in doubt about a message, consult Malwarebytes Scam Guard. It will help you figure out if it’s a scam and guide you through what to do.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

About the author

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.


文章来源: https://www.malwarebytes.com/blog/news/2026/03/criminals-are-renting-virtual-phones-to-bypass-bank-security
如有侵权请联系:admin#unsafe.sh