Over the past few years, changing an IP address has become trivial. With thousands of proxies, VPNs, and other masking tools at their disposal, bots and malicious actors can evade simple IP-based detection methods with ease. In this new landscape, relying solely on IP reputation to block bad traffic is proving obsolete.
Real device clouds are networks of physical or emulated mobile devices often managed to run automated scripts. These can be used for various purposes: legitimate testing or research, stress testing apps, or even malicious activities. At OverpoweredJS, we’ve been focused on detecting and analyzing these real device clouds, with a special emphasis on uncovering suspicious or malicious behavior. In this post, we’ll highlight how we use the x-requested-with header and other signals to detect rooted and jailbroken devices, and how fraudsters leverage these compromised devices to carry out their exploits.