Category: Adversary Intelligence
Industry: Banking & Finance
Motivation: Profit
Region: Global
Source*:
C - Fairly Reliable
3 - Possibly True
CloudSEK's Threat Intelligence Team discovered a tutorial on a Russian-speaking cybercrime forum that provides a step-by-step guide on how to bypass selfie verification. Live selfie verification of the individual is a common method of conducting KYC (Know Your Customer) verification: it checks whether the data points supplied by the registering customer match the identity picture on a legal identification document such as an SSN, driver's license, Aadhaar card, PAN card and more.
In the evolving landscape of digital finance, threat actors are increasingly exploiting open-source emulators and virtual cameras to bypass KYC (Know Your Customer) verification processes on fintech platforms. This exploitation leads to the creation of fraudulent accounts, posing substantial financial and reputational risks.
While we have not observed threat actors actively targeting the Indian sub-region, the current step-by-step guide targeted Revolut, a United Kingdom-based financial technology company that offers mobile-based banking and money transfer services. Additionally, these services also cater to brands operating in the cryptocurrency industry, such as Gemini and LiteBit.
The potential for these methods to facilitate money laundering activities is a serious concern. For organizations operating in the Banking, Financial Services, and Insurance (BFSI) sector, understanding these threats is of paramount importance.
Possible mitigations to prevent abuse are:
The implications of these threats are far-reaching, affecting not only the security of financial transactions but also the trust that customers place in these platforms.
Biometric verification has been a game-changer for customers complying with the KYC regulations imposed by banks, crypto exchanges and other fintech platforms. Video KYC and selfie verification are now the norm in this digital world: they can be completed without the customer physically visiting the bank or an authorized center for each and every KYC procedure. The following table lists entities that have selfie verification enabled. Once it is completed successfully, customers can commence trading or selling on the platform.
CloudSEK's Threat Intelligence Team discovered a tutorial on a Russian-speaking cybercrime forum that provides a step-by-step guide on how to bypass selfie verification. While monitoring discussions on other cybercrime forums, we discovered another set of discussions on using the same software to bypass selfie verification in order to generate Revolut accounts.
The selfie verification step takes place once the phone number has been verified via OTP and the customer has set the account credentials. Because the verification is performed from a desktop through an emulator, the app can potentially be tricked into accepting a pre-manipulated image as camera input and completing the verification.
The same weakness can be abused to generate accounts in bulk on banking and finance platforms that have enabled KYC.
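As an added defensive example (not part of CloudSEK's report; the field names, marker substrings and threshold are assumptions), the following triage logic scores constructed KYC session telemetry for the signals implied above: an emulator build string, a virtual camera feeding the selfie step, a failed liveness challenge, and many sign-up attempts from one device fingerprint.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class KycSession:
    session_id: str
    device_fingerprint: str   # stable per-install identifier the app reports
    build_fingerprint: str    # OS build string reported by the client
    camera_label: str         # camera device label seen during selfie capture
    liveness_passed: bool     # active liveness challenge (blink / head turn) result

# Illustrative substrings seen in emulator build strings and virtual-camera labels
EMULATOR_MARKERS = ("generic", "sdk_gphone", "goldfish", "ranchu", "vbox86")
VIRTUAL_CAMERA_MARKERS = ("virtual", "obs", "droidcam", "manycam")

def session_risk(s: KycSession) -> list[str]:
    """Per-session signals that a pre-recorded image may be feeding the selfie step."""
    reasons = []
    if any(m in s.build_fingerprint.lower() for m in EMULATOR_MARKERS):
        reasons.append("emulator_build")
    if any(m in s.camera_label.lower() for m in VIRTUAL_CAMERA_MARKERS):
        reasons.append("virtual_camera")
    if not s.liveness_passed:
        reasons.append("liveness_failed")
    return reasons

def bulk_devices(sessions: list[KycSession], threshold: int) -> set[str]:
    """Device fingerprints with more than `threshold` KYC attempts: bulk sign-up signal."""
    counts = Counter(s.device_fingerprint for s in sessions)
    return {fp for fp, n in counts.items() if n > threshold}

def triage(sessions: list[KycSession], threshold: int = 2) -> dict[str, list[str]]:
    """Map session_id -> reasons, combining per-session and cross-session signals."""
    bulk = bulk_devices(sessions, threshold)
    flagged = {}
    for s in sessions:
        reasons = session_risk(s)
        if s.device_fingerprint in bulk:
            reasons.append("bulk_device")
        if reasons:
            flagged[s.session_id] = reasons
    return flagged

# Constructed sample telemetry (field names are assumptions, not a vendor schema):
# one ordinary handset and three attempts from a single emulator install
SAMPLE = [
    KycSession("s1", "dev-A", "google/raven/raven:13/TQ3A", "camera2:0 back", True),
    KycSession("s2", "dev-B", "google/sdk_gphone_x86/generic_x86:11", "OBS Virtual Camera", False),
    KycSession("s3", "dev-B", "google/sdk_gphone_x86/generic_x86:11", "OBS Virtual Camera", False),
    KycSession("s4", "dev-B", "google/sdk_gphone_x86/generic_x86:11", "OBS Virtual Camera", True),
]
```

Run `triage(SAMPLE)` to see the three emulator sessions flagged while the ordinary handset passes; in production the same signals would feed a step-up (manual review or repeat liveness) rather than an outright block.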