Cybercriminals' ever-evolving tactics, techniques, and procedures (TTPs) defraud customers worldwide of online banking, payment systems, advertising networks, and marketplaces.

Threat actors are increasingly using mobile Android OS device spoofing tools, according to Resecurity. Fraudsters can impersonate compromised account holders and bypass anti-fraud controls with these tools.

Resecurity said Cybercriminals use these tools to access compromised accounts and impersonate legitimate customers by exploiting stolen cookie files, impersonating hyper-granular device identifiers, and utilizing fraud victims’ unique network settings.

HUNTER threat intelligence specialists from Resecurity researched this rapidly emerging attack type to help fraud prevention teams build proper mitigation controls and better understand the ever-changing cybercriminal threat landscape.

Threat actors have used desktop-based antidetect browsers since 2014 to circumvent account bans and manipulate systems, but adversarial mobile OS-based tools represent a new frontier in cybercrime.

Resecurity found a significant increase in threat actors seeking this type of tool in Q1 2023 and new Dark Web products to meet market demand. HUNTER researchers first gathered intelligence about these tools from underground communities like XSS (the top Russian cybercriminal forum on the Dark Web) and several private Telegram groups that give vetted members access to specialised attack kits used for online banking theft and fraud.

These marketplaces sell spoofers, emulators of device fingerprints, and antidetect browsers. A smartphone's fingerprint is made up of a specific mix of hardware type, operating system (OS) version, software version, geolocation, screen size, language, and other factors.

Bypassing anti-fraud controls based on these fingerprints on banking websites, e-commerce portals, and other online marketplaces, threat actors use these attack kits. XSS forum member Daddy Goose is one prominent threat actor mentioned in this space by Resecurity analyst.

Resecurity discovered this threat actor asking for $700 for a mobile antidetect. Daddy Goose provided HUNTER with a Swiss Army knife-like combination of tools and modified components to commit online identity fraud after further interaction.

A cookie manager, location spoofer, changes to the device fingerprint, and other tools are among these. HUNTER discovered a number of comparable offers being promoted by other cybercriminal developers.

Got a news tip for our journalists? Share it with us anonymously here.

Send press releases to [email protected]. Other ways to contact us. Editorially, we may rewrite headlines and descriptions.

Recommend Redwires AU: Accessible News For Young Cybersecurity Aussies

Redwires AU provides Young Australians with easily accessible, curated cybersecurity news.

Before you go..

You can get RedWires AU for free right now. Your donation, no matter how big or small, will help us keep doing honest journalism.

The readers of Redwires AU are the engine that drives our publication. Add your support to the effort to create a sustainable future for journalism that does not make compromises in the AU.

In the world we live in now, accurate and thorough reporting and analysis are becoming more and more critical. To stop the spread of false information, it's essential that everyone in Australia has access to good reporting.

The Redwires AU contributes to society by opening up access to information and resources for all people, rather than just a select few.

Our only goal is to educate the general public more thoroughly. If you believe in what we're trying to accomplish here, please consider making a contribution right away to ensure our success in the years to come.

Upgrade your subscription to get the most out of it. Join the growing number of people around the world who believe in the power of independent media.