Security News > 2023 > July > Mexico-Based Hacker Targets Global Banks with Android Malware
An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but with a specific focus on Spanish and Chilean banks, from June 2021 to April 2023.
"Despite using relatively unsophisticated tools, Neo Net has achieved a high success rate by tailoring their infrastructure to specific targets, resulting in the theft of over 350,000 EUR from victims' bank accounts and compromising Personally Identifiable Information of thousands of victims," Thill said.
Some of the major targets include banks such as Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING. Neo Net, linked to a Spanish-speaking actor residing in Mexico, has established themselves as a seasoned cybercriminal, engaging in the sales of phishing panels, compromised victim data to third-parties, and a smishing-as-a-service offering called Ankarex that's designed to target a number of countries across the world.
"These pages were designed to closely resemble genuine banking applications, complete with animations to create a convincing façade."
The threat actors have also been observed duping bank customers into installing rogue Android apps under the guise of security software that, once installed, requests SMS permissions to capture SMS-based two-factor authentication codes sent by the bank.
The development comes as ThreatFabric detailed a new Anatsa banking trojan campaign that has been targeting banking customers in the U.S., U.K., Germany, Austria, and Switzerland since the start of March 2023.
News URL
https://thehackernews.com/2023/07/mexico-based-hacker-targets-global.html
Related news
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- PixPirate Android malware uses new tactic to hide on phones (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)