GXC Team Unmasked: The cybercriminal group targeting Spanish bank users with AI-powered phishing tools and Android malware

July 29, 2024, 12:34 p.m.

Description

Group-IB discovered a Spanish-speaking criminal group, GXC Team, offering a sophisticated AI-powered phishing-as-a-service platform targeting Spanish bank customers. The group specialized in developing phishing kits, Android malware, and AI-powered scam tools. Their malicious Android app, disguised as a banking application, was designed to intercept OTP codes, affecting users of over 36 Spanish banks and 30 institutions worldwide. Although not highly sophisticated, GXC Team posed a severe threat to banking security in Spain through innovative features such as bundling phishing kits with the Android malware and an AI-powered voice caller.

Date

Published: July 29, 2024, 12:03 p.m.
Created: July 29, 2024, 12:03 p.m.
Modified: July 29, 2024, 12:34 p.m.

Indicators


Attack Patterns

GXC Team

Additional Information

Finance

Slovakia

Spain

United Kingdom of Great Britain and Northern Ireland

Brazil

United States of America