ACCORDING to Group-IB, cloud phone technology has evolved from social media automation into infrastructure that supports financial crime, with the new report published on 25 March 2026 highlighting how remote Android devices hosted in data centres are used in fraud operations.
Cloud phones are remote-access devices that run real mobile operating systems and hardware but are accessed via the internet, and because they behave like legitimate smartphones, fraud detection systems often cannot distinguish them from real user devices.
The research traces the technology’s development from single-device control of multiple accounts to emulator use, physical phone farms, and now affordable cloud-based services that can be rented, enabling users to operate multiple devices remotely without owning hardware. Fraud investigators found cloud phones are used to create dropper accounts to receive and transfer stolen funds; in the UK, Authorized Push Payment fraud losses reached £485.2m in 2022, with dropper accounts identified as a major contributor.
The report notes that traditional device fingerprinting is less effective against cloud phones, and it recommends a multi-layered approach combining device fingerprinting with network intelligence, behavioural modelling and graph-based risk analysis.