Contact us

BOOK A PRESENTATION

Mobile Emulators Fraud: How to protect your applications?

NO NAME
Mobile emulators, besides their original use cases, have become a tool used by hackers for targeting mobile applications. By allowing access to multiple devices and apps at once, they have proven to be a successful method of bypassing authentication and rule-based security measures. To find out what cybersecurity experts are dealing with at the moment, keep on reading!

Mobile emulators, besides their original use cases, have become a tool used by hackers for targeting mobile applications. By allowing access to multiple devices and apps at once, they have proven to be a successful method of bypassing authentication and rule-based security measures. To find out what cybersecurity experts are dealing with at the moment, keep on reading!

What are mobile emulators?  

Mobile emulators are tools designed for running tests on mobile devices using desktop computers, particularly useful when it comes to testing mobile applications. They allow developers to simulate, imitate, and optimize mobile app software and hardware behavior without the need to use multiple types of devices.  
 
A great part of the mobile emulator utility is making the design of the application responsive. Mobile applications need to work well on different types of mobile operating systems and interfaces, which includes factors such as different screen resolutions. You can emulate any device type, model, manufacturer, screen, location, touch screen taps, and swipes – all without possessing a physical device.  


Emulators are a cheaper and more efficient way of developing mobile software because they offer scale. There is no need to test on various types of devices. By using an emulator, you are set up for success because of its accessibility, time efficiency, and ease of use.  
 
Unfortunately, with mobile emulators being within such an easy reach, the technology is also used for illegal practices

Role of mobile emulators within mobile fraud 

When given to the hands of an attacker, mobile emulators are able to cause a great amount of damage. Victims include all of the mobile app stakeholders: app owners, developers, and end-users. Widespread use of mobile emulators among hackers makes a lot of sense since it enables them to run large-scale attacks directly from their desktops.  
 
Here are some common use cases for mobile emulators regarding mobile fraud: 

  • Scripted, automated credential stuffing attacks 
  • Bogus social media accounts for sending SPAM and phishing emails 
  • Emulated user behavior (click, tap, swipe) 
  • Account takeover with stolen credentials 
  • Simultaneous fraud campaigns

Furthermore, the traditional rule-based security platforms can be easily bypassed with the use of a mobile emulator. In case an emulated instance of a device ID is blacklisted, the attacker simply discards it and creates a new one.  


With the evolving security technology, attackers are evolving as well. Their attacks are getting more and more sophisticated by the minute, demanding the full attention of cybersecurity experts. To get an idea of how sophisticated these hackers are nowadays, find out what happens when a group of organized hackers walks into a bar and finds 20 emulators.

Mobile emulators went rogue: Evil Mobile Emulator Farms 

We have to mention the infamous fraud operation that used mobile emulators as its weapon of choice to commit fraud on a never before seen scale. The name of the operation, Evil Mobile Emulator Farms. Researchers from IBM Trusteer have detected a fraud operation that used mobile device emulators in order to drain millions of dollars in just a few days.  
 
A group of organized professionals used about 20 emulators, which imitated 16,000 smartphones belonging to end-users of an mBanking application. A separate case brought findings that are even more shocking - a single emulator imitating 8,100 devices.  


To follow through with the attack, hackers had a lot of prepping to do. Their tasks included the collection of usernames and passwords, device types and IDs, parts of SMS messages (the ones containing OTPs for successful 2FA). This indicates yet another task, infecting the spoofed mobile devices with malware prior to the emulator attack. 
 
After taking care of the data necessary to bypass the authentication, the attackers were able to automate the attack by using emulators. Since the actual purpose of an emulator is to mimic the behavior of a mobile device; the attackers automated the attack by scripting it and feeding the login data to the mBanking app. And that is, in short, how US and EU banks lost millions in a matter of days.

How to fight back? 

ASEE developed a mobile app security solution capable of detecting and preventing real-time attacks – App Protector. By covering a multitude of mobile application threats; including emulators, App Protector is a security powerhouse capable of safeguarding your application and its users.  
 
In case of a detected anomaly within the device or the application, App Protector neutralizes the threat by responding  in one out of three ways: 

  • Generating false values – the attacker is presented with false authentication information (e.g., OTP); disabling them from further access to the application 
  • Notification – the end-user or the server is notified about a potential application misuse 
  • Termination – the app terminates immediately after a detected anomaly
     

App Protector allows customization of responses when in online mode. Online mode offers an admin portal used for configuration customization. Meaning that the administrator is able to select the preferred response for a specific type of detected threat. The offline mode of App Protector comes with hardcoded configuration where such customization is not available.  
 
It is important to notice that the integration of App Protector with your mobile application does not affect the look or feel of the app itself. There is no tampering with the design and performance of the app; only a much needed additional layer of security for you and your end-users.  

App Protector Free SDK

Download App Protector SDK

App Protector SDK is a mobile security component built into the application's code enabling runtime protection as well as a variety of mobile application hardening techniques, including jailbreak detection.

To find out more about our App Protector solution, contact us or visit our blog section.  
 

Want to learn more about cybersecurity trends and industry news?

SUBSCRIBE TO OUR NEWSLETTER

CyberSecurityhub

chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram