July 26, 2024 at 09:36AM
The GXC Team, a Spanish-speaking cybercrime group, has bundled phishing kits with malicious Android apps, creating a sophisticated phishing-as-a-service platform. They target users of Spanish banks and institutions worldwide, using smishing and social engineering techniques. The threat also involves AI-infused voice calling tools, AI-powered voice cloning, and adversary-in-the-middle (AiTM) capabilities in phishing kits.
Key takeaways include:
– The GXC Team, a Spanish-speaking cybercrime group, has developed a sophisticated AI-powered phishing-as-a-service platform that targets users of Spanish banks, governmental bodies, and institutions worldwide.
– They offer phishing kits combined with Android malware on a subscription basis, priced between $150 and $900 per month.
– The group’s tactics involve persuading victims to download an Android-based banking app, which enables the attackers to intercept SMS OTP codes and other messages and exfiltrate them to a Telegram bot under their control.
– They also offer AI-infused voice calling tools to enhance the scam scenarios and mimic human speech for more authentic-sounding phishing schemes.
– Phishing kits with adversary-in-the-middle (AiTM) capabilities have become popular, and the group exploits the encoding used by security tools to evade scanning.
– Social engineering attacks have been observed, enticing users into executing obfuscated code and deploying malware like DarkGate and Lumma Stealer.
This article provides insights into the evolving tactics and technologies used by cybercriminals, highlighting the need for robust cybersecurity measures to counter these sophisticated threats.