Grupo X Ciber (GXC) Offers Phishing Solutions with Android Malware

A Spanish-speaking cybercrime group called GXC Team has been observed bundling phishing kits with malicious Android applications. This kind of offering is known as malware-as-a-service (MaaS).

The phishing kit costs between $150 and $900 per month, while the bundle including the kit and Android malware costs around $500 per month. The targets include users of Spanish financial institutions, government services, e-commerce, banks, and cryptocurrency exchanges in several countries, including the United States, the United Kingdom, Slovakia, and Brazil.

The group also sells stolen banking credentials and offers custom coding-for-hire schemes for other cybercriminal groups targeting banking, financial, and cryptocurrency businesses.

Instead of directly using a fake page to grab credentials, the threat actors urge victims to download an Android-based banking app, under the pretext of preventing phishing attacks. The app requests permission to be configured as the default SMS app, allowing it to intercept one-time passwords (OTPs) and exfiltrate them to a Telegram bot controlled by the attackers.
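When triaging a suspect APK, a defender can check whether its manifest declares the components Android requires of a default SMS handler, which the app described above must have. The following is an added example, not code from the original article or from the GXC kit; it assumes a manifest already decoded to text XML (for example with apktool), and the package name, component names and the `flag` heuristic are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# What Android expects of a default SMS handler:
# name -> (component tag, intent action, permission the component must require)
REQUIREMENTS = {
    "sms_deliver": ("receiver", "android.provider.Telephony.SMS_DELIVER",
                    "android.permission.BROADCAST_SMS"),
    "wap_push_deliver": ("receiver", "android.provider.Telephony.WAP_PUSH_DELIVER",
                         "android.permission.BROADCAST_WAP_PUSH"),
    "respond_via_message": ("service", "android.intent.action.RESPOND_VIA_MESSAGE",
                            "android.permission.SEND_RESPOND_VIA_MESSAGE"),
    "sendto": ("activity", "android.intent.action.SENDTO", None),
}

def audit_manifest(manifest_xml):
    """Report which default-SMS-handler components a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    declared = set()
    for name, (tag, action, perm) in REQUIREMENTS.items():
        for comp in root.iter(tag):
            actions = {a.get(A + "name") for a in comp.iter("action")}
            if action in actions and perm in (None, comp.get(A + "permission")):
                declared.add(name)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    return {
        "package": root.get("package"),
        "declared": sorted(declared),
        "default_sms_capable": declared == set(REQUIREMENTS),
        "has_internet": "android.permission.INTERNET" in perms,
        # Triage heuristic (assumption): can take over SMS delivery and reach the network
        "flag": "sms_deliver" in declared and "android.permission.INTERNET" in perms,
    }

# Constructed sample: manifest of a hypothetical app posing as a bank's security tool
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.banksecure">
 <uses-permission android:name="android.permission.INTERNET"/>
 <application>
  <receiver android:name=".Sms" android:permission="android.permission.BROADCAST_SMS"><intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter></receiver>
  <receiver android:name=".Mms" android:permission="android.permission.BROADCAST_WAP_PUSH"><intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/></intent-filter></receiver>
  <service android:name=".Reply" android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE"><intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter></service>
  <activity android:name=".Compose"><intent-filter><action android:name="android.intent.action.SENDTO"/></intent-filter></activity>
 </application>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A legitimate banking app has no reason to register as an SMS handler, so a `flag` result on an app claiming to be one warrants manual review.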

The group also offers AI-infused voice calling tools that allow customers to generate voice calls to prospective targets based on prompts from the phishing kit. These calls typically masquerade as originating from a bank, instructing users to provide their two-factor authentication (2FA) codes, install malicious apps, or perform other arbitrary actions.

This mechanism makes the scam scenario more convincing and demonstrates how rapidly criminals adopt and implement AI tools in their schemes, transforming traditional fraud scenarios into new, more sophisticated tactics.

The group’s services include phishing kits with adversary-in-the-middle (AiTM) capabilities, which have become popular as they lower the technical barrier to entry for pulling off phishing campaigns at scale.

Source: https://thehackernews.com/2024/07/spanish-hackers-bundle-phishing-kits.html?m=1