
GXC Team Unmasked: The cybercriminal group targeting Spanish bank users with AI-powered phishing tools and Android malware

July 29, 2024, 12:34 p.m.

Description

Group-IB discovered a Spanish-speaking criminal group, GXC Team, offering a sophisticated AI-powered phishing-as-a-service platform targeting Spanish bank customers. The group specialized in developing phishing kits, Android malware, and AI-powered scam tools. Their malicious Android app, disguised as a banking application, was designed to intercept OTP codes, affecting users of over 36 Spanish banks and 30 institutions worldwide. Although the group was not highly sophisticated, its innovative features, such as bundling phishing kits with the Android malware and an AI-powered voice caller, made it a severe threat to banking security in Spain.

Date

Published: July 29, 2024, 12:03 p.m.

Created: July 29, 2024, 12:03 p.m.

Modified: July 29, 2024, 12:34 p.m.

Indicators


Attack Patterns

GXC Team

Additional Information

Finance

Slovakia

Spain

United Kingdom of Great Britain and Northern Ireland

Brazil

United States of America