There is a growing number of fraudulent schemes in which criminals use device farms, also known as fraud farms , as well as bot farms, to carry out malicious and other actions with mobile gaming applications.
They are usually located in Central and South Asian countries and are rooms “stuffed” with dozens of smartphones. All devices are controlled by one or more operators manually or with the help of automated software.
Typically, they are used by game developers to test their apps. However, they scale, automate, and simplify the work of not only app owners, but also attackers to commit fraudulent actions with mobile games. And geolocation spoofing is one of the key success factors in this scheme.
Device farms are used for the following types of fraud:
In mobile games where there is player development and skill development, one of the most common schemes is collusion between players. Fraudsters use hundreds of smartphones to jointly level up characters and abuse other game elements in order to deceive other players and the applications themselves.
For example, fraud experts from Incognia analyzed 3.1 million users of one of the largest mobile gaming apps in the world with a total of 70+ million users. They managed to find more than 100 suspicious geolocations indicating the possible use of fraudulent farms, and more than 50 thousand suspicious accounts.
With their help, fraudsters can hide the location of farms and bypass standard cybersecurity filters that check only GPS or IP addresses. That is why experts recommend blocking any fake traffic that uses fake IP addresses, VPNs, and proxies as one of the methods to combat fraud. To do this, you should primarily focus on the data received from the device's sensors (GPS, Wi-Fi, and cellular networks). You can also block traffic coming from emulators.
They are usually located in Central and South Asian countries and are rooms “stuffed” with dozens of smartphones. All devices are controlled by one or more operators manually or with the help of automated software.
- Fully automated farms: all smartphones are connected to an automated network and fraud is carried out on an industrial scale.
- Manual farms: operators manually perform various actions on the phone (press buttons, enter data, control players, etc.).
Typically, they are used by game developers to test their apps. However, they scale, automate, and simplify the work of not only app owners, but also attackers to commit fraudulent actions with mobile games. And geolocation spoofing is one of the key success factors in this scheme.
Device farms are used for the following types of fraud:
- Collusion between players in mobile gaming applications (leveling up players, mining gold, searching for and selling rare items, etc.).
- Create fake interactions and fake profiles on social media apps.
- Mobile ad click fraud and fake app installs.
In mobile games where there is player development and skill development, one of the most common schemes is collusion between players. Fraudsters use hundreds of smartphones to jointly level up characters and abuse other game elements in order to deceive other players and the applications themselves.
For example, fraud experts from Incognia analyzed 3.1 million users of one of the largest mobile gaming apps in the world with a total of 70+ million users. They managed to find more than 100 suspicious geolocations indicating the possible use of fraudulent farms, and more than 50 thousand suspicious accounts.
How scammers fake geolocation
To hide the real location of the devices and the fact that they are all in the same place, the scammers fake the location of each smartphone. To do this, they use the following methods and technologies:- proxy servers,
- fake IP addresses,
- VPN,
- emulators that simulate real devices.
With their help, fraudsters can hide the location of farms and bypass standard cybersecurity filters that check only GPS or IP addresses. That is why experts recommend blocking any fake traffic that uses fake IP addresses, VPNs, and proxies as one of the methods to combat fraud. To do this, you should primarily focus on the data received from the device's sensors (GPS, Wi-Fi, and cellular networks). You can also block traffic coming from emulators.
