Mexican Hacker Disrupts Global Banks with Android Malware

In a striking demonstration of the global reach of cybercrime, a Mexican hacker recently launched a series of targeted attacks on major banks worldwide,

A security researcher named Pol Thill has identified a hacker from Mexico known as Neo_Net as the person responsible for a series of cyber-attacks on global banks. Thill’s findings, published by SentinelOne in collaboration with vx-underground, show that Neo_Net used advanced Android malware to breach the security of many financial institutions around the world.

Neo_Net carried out these attacks from June 2021 to April 2023, primarily targeting well-known banks in different countries, especially those in Spain and Chile. Some notable banks that were affected include Santander, BBVA, and CaixaBank.

Despite using simple tools, Neo_Net achieved significant success by stealing more than €350,000 ($382,153) from victims’ bank accounts and compromising the personal information of thousands of people.

The hacker’s strategy involved sending fake text messages that looked like legitimate messages from trusted financial institutions. These deceptive messages tricked victims into revealing their sensitive login information.

Neo_Net developed and spread Android Trojans that looked like security apps, tricking unsuspecting individuals into downloading them and granting access to their banking information.

How It Works

Thill highlighted Neo_Net’s unique approach with Ankarex, a Smishing-as-a-Service platform. This platform allowed Neo_Net to rent out his infrastructure to multiple affiliates, expanding his operations and executing successful attacks in different countries.

Furthermore, Neo_Net generated profits by selling the compromised victim data to interested parties.

SentinelOne emphasized that the success of Neo_Net’s campaigns stems from their highly targeted nature: they often focus on a single bank and mimic its communications to impersonate bank representatives.

Moreover, SMS spyware, like the one used by Neo_Net, is difficult to detect as it only requires permission to send and view SMS messages.
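As an added illustration (not taken from the SentinelOne report or from this article), the small permission footprint described above can itself be used as a triage signal when reviewing Android apps. The sketch below reads a decoded AndroidManifest.xml and flags apps that can read incoming SMS and also forward it; the permission names are real Android permissions, while the sample manifests, package names and the review rule are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
SMS_SEND = "android.permission.SEND_SMS"
INTERNET = "android.permission.INTERNET"

# Constructed manifests in decoded XML form; package names are made up.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.banksecurity">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def triage(manifest_xml):
    """Flag apps that can read incoming SMS and also move the content off-device."""
    perms = requested_permissions(manifest_xml)
    sms = sorted(p for p in perms if p in SMS_READ or p == SMS_SEND)
    reads = bool(perms & SMS_READ)
    forwards = INTERNET in perms or SMS_SEND in perms
    # Assumed heuristic: a default SMS client also matches, so "review" means
    # "a human checks whether this app has any reason to touch SMS".
    verdict = "review" if reads and forwards else "ok"
    return {"package": ET.fromstring(manifest_xml).get("package"),
            "sms_permissions": sms, "footprint": len(perms), "verdict": verdict}


if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```
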

According to the report, these campaigns highlight the vulnerability of multi-factor authentication (MFA) that relies on SMS and emphasize the need for stronger safeguards, such as physical tokens or external applications, to ensure better protection against circumvention.
