Recently, the Investigation Police Agency of Thai Binh Province Police has issued a Decision to initiate criminal proceedings, prosecuting 21 defendants for gambling and money laundering.

This line operates sophisticatedly, notably using artificial intelligence (AI) technology for the first time to commit crimes in Vietnam.

The investigation agency determined that the website "KUBET", with a server abroad, organized many forms of betting and gambling for money through games such as lottery, football betting, and over/under. Players created accounts via phone and linked their banks to deposit/withdraw money.

At the time of the raid, there were more than 1 million accounts with an estimated gambling amount of more than 1,000 billion VND.

In addition to gambling, the subjects also laundered money, hiring people to open bank accounts in Vietnam for players to deposit money. Then, the subjects in Taiwan (China) controlled computers connected to phones with pre-installed banking applications to transfer money through many different accounts to conceal the origin.

In particular, for transactions of 10 million VND or more requiring biometric scanning, the subjects created AI clips of the account owner's face to bypass this security layer without the account owner having to do it directly.

So how can criminals bypass biometric authentication on banking apps?

Speaking with Dan Tri newspaper reporter, Mr. Vu Ngoc Son, Head of Technology Department (National Cyber ​​Security Association) commented that the subjects may have used rooted Android phones.

Rooting a phone is a term used to refer to phones that have been modified or modified so that users (here, criminals) can gain root access on the device.

In fact, root access is often locked by manufacturers or Android operating systems to ensure system and data security. However, with some Android phones, getting root access is not difficult, especially when the phone is in the hands of criminals.

Accordingly, with these rooted phones, the subject will set up a virtual camera, which is essentially a software but is "labeled" as a camera to attack applications on rooted phones. Instead of taking images from the physical camera, it will be taken through the virtual camera.

“In this way, the subjects will use available videos (or AI-generated) to trick the banking app into thinking that the user is authenticating biometrically. From there, they can bypass the banking app. At this time, with the banking app, the signal received from the virtual camera is no different from that from the physical camera, so it still allows biometric authentication as usual,” Mr. Son explained.

It can be said that the war on fraud is a war between people and people, technological solutions are very important, but not everything. People need alertness and vigilance from the end users themselves.

Mr. Son also noted that not all banking apps can be bypassed this way because some additional techniques are added to prevent counterfeiting.

Source: https://dantri.com.vn/cong-nghe/vu-danh-bac-1000-ty-dong-toi-pham-qua-mat-sinh-trac-hoc-bang-cach-nao-20250530175208465.htm