Mexican Hacker Spreads Android Banking Malware

Geost Banking Trojan

A cybercriminal entity with Mexican origins has been identified as the perpetrator of a global Android mobile malware campaign aimed at financial institutions. The campaign, which took place between June 2021 and April 2023, specifically targeted Spanish and Chilean banks.

Security researcher Pol Thill has attributed the activity to an individual known as Neo_Net. The research findings were published by SentinelOne after a collaborative Malware Research Challenge with vx-underground.

Despite using relatively unsophisticated tools, Neo_Net has achieved a significant level of success by customizing their infrastructure to target specific institutions. This approach has resulted in the theft of over 350,000 EUR from victims' bank accounts and the compromise of Personally Identifiable Information (PII) belonging to thousands of individuals, according to Thill.

Prominent banks, including Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING, have been among the primary targets.

Neo_Net, associated with a Spanish-speaking individual residing in Mexico, is an experienced cybercriminal. They sell phishing panels and compromised victim data to third parties. Additionally, they offer a service called Ankarex, which focuses on smishing (SMS phishing) and is designed to target multiple countries worldwide.

Attack Vector Starts With Smishing

The initial phase of the attack involves SMS phishing, in which the threat actor employs various tactics to deceive recipients into clicking through to fake landing pages. These pages collect credentials and exfiltrate them through a Telegram bot.

Thill explained that the phishing pages created by Neo_Net are meticulously designed using their PRIV8 panels and incorporate multiple defensive measures. These measures include blocking requests from non-mobile user agents and hiding the pages from bots and network scanners. The pages closely resemble legitimate banking applications, complete with animations to create a convincing façade.

The threat actors have also been observed tricking bank customers into installing fraudulent Android apps disguised as security software. Once installed, these apps request SMS permissions to capture two-factor authentication (2FA) codes sent by the bank via SMS.
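The SMS-permission behaviour described above is something a defender can triage statically. The following is an added example, not code from the article or from the SentinelOne research: it inspects a decoded AndroidManifest.xml (assumed to come from a tool such as apktool) and flags the combination of SMS permissions plus a receiver registered for incoming SMS, which is what lets a fake "security" app read bank 2FA codes. The sample manifest is constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS",
                   "android.permission.READ_SMS",
                   "android.permission.SEND_SMS"}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

def sms_permissions(root):
    """SMS-related permissions declared via <uses-permission>."""
    names = (p.get(ANDROID_NS + "name") for p in root.iter("uses-permission"))
    return sorted(n for n in names if n in SMS_PERMISSIONS)

def sms_receivers(root):
    """Receiver classes whose intent filters listen for incoming SMS."""
    found = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED_ACTION in actions:
            found.append(receiver.get(ANDROID_NS + "name"))
    return found

def triage_manifest(manifest_xml):
    """'sms-interception' when SMS permissions and an SMS_RECEIVED receiver
    are both present (the 2FA-stealing pattern), 'sms-permission' when only
    the permissions are requested, otherwise 'clean'."""
    root = ET.fromstring(manifest_xml)
    perms, receivers = sms_permissions(root), sms_receivers(root)
    verdict = ("sms-interception" if perms and receivers
               else "sms-permission" if perms else "clean")
    return {"verdict": verdict, "permissions": perms, "receivers": receivers}

# Constructed manifest imitating a fake "bank security" app; not a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebanksecurity">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Bank Security">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))  # verdict: sms-interception
```

Legitimate banking apps rarely need these permissions at all, so even the weaker "sms-permission" verdict is worth a closer look during app vetting.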

July 5, 2023