An e-crime actor, known as Neo_Net, has been identified as the perpetrator of an Android mobile malware campaign targeting global financial institutions, with a specific focus on Spanish and Chilean banks.
The campaign, which occurred between June 2021 and April 2023, resulted in the theft of over 350,000 EUR and the compromise of Personally Identifiable Information (PII) of thousands of victims. Major banks, including Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING, were among the primary targets.
Neo_Net, believed to be a Spanish-speaking individual based in Mexico, has established a reputation as an experienced cybercriminal involved in various illegal activities, such as selling phishing panels and compromised data.
They also offer a service called Ankarex, which focuses on smishing (SMS phishing) campaigns targeting multiple countries. The campaign starts with SMS phishing, using scare tactics to trick recipients into clicking on fake landing pages. These pages closely resemble legitimate banking applications and employ various defense measures to evade detection.
Additionally, the threat actors deceive bank customers by tricking them into installing rogue Android apps disguised as security software. The Ankarex platform, accessible at ankarex[.]net, allows users to launch their own smishing campaigns by specifying SMS content and target phone numbers.
This revelation coincides with a new banking trojan campaign called Anatsa (aka TeaBot), targeting customers in the U.S., U.K., Germany, Austria, and Switzerland since March 2023, as reported by ThreatFabric.