Security News > 2023 > July > Mexico-Based Hacker Targets Global Banks with Android Malware

An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but with a specific focus on Spanish and Chilean banks, from June 2021 to April 2023.

"Despite using relatively unsophisticated tools, Neo Net has achieved a high success rate by tailoring their infrastructure to specific targets, resulting in the theft of over 350,000 EUR from victims' bank accounts and compromising Personally Identifiable Information of thousands of victims," Thill said.

Some of the major targets include banks such as Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING. Neo Net, linked to a Spanish-speaking actor residing in Mexico, has established themselves as a seasoned cybercriminal, engaging in the sales of phishing panels, compromised victim data to third-parties, and a smishing-as-a-service offering called Ankarex that's designed to target a number of countries across the world.

"These pages were designed to closely resemble genuine banking applications, complete with animations to create a convincing façade."

The threat actors have also been observed duping bank customers into installing rogue Android apps under the guise of security software that, once installed, requests SMS permissions to capture SMS-based two-factor authentication codes sent by the bank.

The development comes as ThreatFabric detailed a new Anatsa banking trojan campaign that has been targeting banking customers in the U.S., U.K., Germany, Austria, and Switzerland since the start of March 2023.

News URL

https://thehackernews.com/2023/07/mexico-based-hacker-targets-global.html