Scams & Phishing News Criminals are renting virtual phones to bypass bank security

[Brownie2019]

Content source

https://www.malwarebytes.com/blog/news/2026/03/criminals-are-renting-virtual-phones-to-bypass-bank-security

Researchers at Group-IB warn about criminals using virtual Android devices to bypass modern security solutions.

Cloud phones are virtual Android devices that can fully mimic real device fingerprints (model, hardware, IP, timezone, sensor data, behavior). This allows them to undermine banks’ device‑based fraud detection.

Originally, phone farms were made up of physical devices and were set up for testing. They grew in number when companies found out they could rent virtual phones and artificially raise engagement stats like follower counts, likes, shares, and so on. Further growth was driven by moving the infrastructure from physical phone farms to cloud phones.

At some point, cybercriminals figured out how to use these “rent-a-phones” to trick people into sharing access to banking accounts and crypto wallets, which were then emptied.

Banks caught on to these tactics and started building mobile apps that rely on device fingerprinting. This helped them detect and block fake devices taking over people’s accounts.

Full Story on:

Criminals are renting virtual phones to bypass bank security

Not a real phone, but good enough to fool your bank. Researchers warn criminals are using virtual devices to bypass fraud checks.

www.malwarebytes.com

 

[TairikuOkami]

eSIM, cough. I had a hard time activating my new phone because of eSIM, it just works.

 

[Halp2001]

This explains why some banking systems can be fooled if they don't strengthen their device fingerprinting verification.

For home users, the lesson is clear: it’s essential to maintain multi-factor authentication (MFA) and always use the bank's official apps. Even with virtual devices mimicking real hardware, having that extra layer of security makes unauthorized access much harder.