Cloud phones—virtual devices hosted in remote data centers—are emerging as one of the most difficult fraud tools for banks and cybersecurity teams to detect.
Unlike traditional emulators or bots, cloud phones behave like legitimate smartphones, generating authentic hardware identifiers, sensor activity, and device telemetry that can bypass standard fraud detection systems.
Recent research by Group-IB describes them as an “invisible threat” because financial institutions often cannot distinguish them from real customer devices.
According to findings published in March 2026, cybercriminals are increasingly using platforms such as LDCloud, Redfinger, and GeeLark to rent cloud phones for as little as USD 0.10–0.50 per hour. These devices are now heavily linked to authorized push payment (APP) fraud, account takeovers, fake account creation, and money mule operations. Researchers estimate that APP fraud losses tied to these schemes reached GBP 485.2 million in the UK alone in 2023.
The growing threat lies in the persistence and realism of cloud phones. Fraudsters can maintain the same “trusted” device identity over long periods, avoiding alerts normally triggered by device changes. Underground marketplaces are also reportedly selling pre-configured cloud phone environments with verified banking and fintech accounts, including access to mobile banking apps already warmed up with transaction history. Broader cybersecurity research also shows that fraud-as-a-service ecosystems are lowering the barrier to entry for cybercrime. A recent academic review on cybercrime-as-a-service warns that cloud-based criminal infrastructure is becoming cheaper, more scalable, and harder for authorities to dismantle. Meanwhile, the World Economic Forum Global Cybersecurity Outlook 2026 identifies cyber-enabled fraud and phishing as the top concern among CEOs worldwide, reflecting the increasing sophistication of financially-motivated attacks.
Click Here For The Original Source.
