Mexican hacker stole over 350 thousand euros from bank users around the world

CarderPlanet

Smishing, fake websites and remote access Trojans helped the enterprising criminal make a fortune.

From June 2021 to April 2023, a Mexican hacker named "Neo_Net" conducted multiple cyber attacks on banks in different countries, especially in Spain and Chile, using malware for Android devices. This was reported by security researcher Paul Till in a recent SentinelOne report, released in collaboration with VX-Underground.

The main method of spreading the mobile virus was SMS phishing (smishing), in which the hacker scared his victims with false messages about problems with their bank accounts and then redirected them to fake banking sites, where he collected personal data of his targets.

"Phishing pages were carefully configured using PRIV8 dashboards, and had several security measures, including blocking requests from desktop browsers and hiding pages from bots and network crawlers," explained Paul Till.

"These pages were designed to look as much like real banking apps as possible, with animations and other elements to create a convincing illusion," the researcher added.

In addition, the hacker convinced bank customers to install fake Android apps disguised as security programs, which, after installation, requested permission to access SMS messages to intercept two-factor authentication (2FA) codes sent by the bank.

"Despite using relatively simple tools, Neo_Net has achieved a high degree of success by adapting its infrastructure for specific purposes, which has led to the theft of more than 350,000 euros from victims' bank accounts and the compromise of the personal data of thousands of them," Till explained.

Neo_Net is linked to a Spanish-speaking attacker living in Mexico. He has proven himself to be an experienced cybercriminal, selling phishing dashboards and stolen victim data to third parties, and providing a Smishing-as-a-Service offering called Ankarex designed to target a number of countries around the world.

The Ankarex platform has been active since May 2022. It is actively promoted in the hacker's Telegram channel, which currently has about 1,700 subscribers.

"The service itself is available at ankarex. After registration, users can add funds to their balance using cryptocurrency transfers and launch their own Smishing campaigns, indicating the content of SMS messages and phone numbers of targets," the SentinelOne specialist said.

It is noteworthy that the news about Neo_Net's activity appeared against the background of a recent report by ThreatFabric researchers about a new campaign of the Anatsa Trojan (aka TeaBot), which since the beginning of March 2023 has been attacking bank customers in the United States, Great Britain, Germany, Austria and Switzerland.
 