Security researcher Pol Thill has identified a Mexico-based hacker known as Neo_Net as the mastermind behind a string of cyberattacks targeting global banks.
According to Thill’s findings, published by SentinelOne after a malware research challenge in partnership with vx-underground, Neo_Net utilized sophisticated Android malware to compromise the security of numerous financial institutions around the world.
Neo_Net’s campaign ran from June 2021 to April 2023 and focused on prominent banks in various countries, with a particular focus on Spanish and Chilean financial institutions. Notable targets included Santander, BBVA, and CaixaBank.
Despite using relatively simple tools, Neo_Net has been remarkably successful, stealing more than €350,000 ($382,153) from victims’ bank accounts and compromising the personal information of thousands of people.
The hacker’s attack strategy revolved around deploying SMS phishing messages disguised as legitimate communications from a trusted financial institution. These carefully crafted messages tricked victims into revealing sensitive credentials.
Neo_Net also developed and distributed an Android Trojan disguised as a security application to exploit the trust of unwitting victims to access banking information.
Thill explained that Neo_Net’s operation stands out thanks to its Smishing-as-a-Service platform, Ankarex, which let Neo_Net rent its infrastructure to multiple affiliates. This strategy allowed the cybercriminals to expand their reach and carry out attacks in different countries.
Additionally, Neo_Net further monetized its criminal activity by selling compromised victim data to interested third parties.
“The success of their campaigns may be attributed to the highly targeted nature of their campaigns, often focusing on a single bank and copying its communications to impersonate a bank agent,” writes SentinelOne.
“Additionally, due to the simplicity of SMS spyware, it can be difficult to detect as it only requires permission to send and view SMS messages.”
According to SentinelOne, these campaigns highlight the vulnerability of multi-factor authentication (MFA) that relies on SMS, and the need for more robust safeguards, such as physical tokens and external authenticator applications, to reliably prevent this kind of evasion.
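The detection difficulty SentinelOne describes comes from how little an SMS stealer needs to declare. As an added example (not from the report or from any Neo_Net sample), the following Python triage script parses a constructed, hypothetical AndroidManifest.xml and flags the combination that matters for this class of malware: the RECEIVE_SMS/READ_SMS/SEND_SMS trio together with a high-priority receiver registered for incoming SMS. Package name, label and priority value are invented.

```python
import xml.etree.ElementTree as ET

# ElementTree exposes namespaced attributes with the expanded URI as key.
ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# The minimal permission set an SMS stealer needs to read OTP codes and relay them.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}

# Constructed sample (hypothetical): a "security" app that asks only for SMS
# access and hooks incoming messages with a high-priority broadcast receiver.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.banksecurity">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Bank Security">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def sms_permissions(manifest_xml):
    """Return the SMS-related permissions the manifest declares, sorted."""
    root = ET.fromstring(manifest_xml)
    names = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    return sorted(names & SMS_PERMS)

def sms_receiver_priority(manifest_xml):
    """Highest priority of any intent-filter listening for SMS_RECEIVED, else None."""
    root = ET.fromstring(manifest_xml)
    best = None
    for flt in root.iter("intent-filter"):
        if any(a.get(ANDROID + "name") == SMS_RECEIVED for a in flt.iter("action")):
            prio = int(flt.get(ANDROID + "priority", "0"))
            best = prio if best is None else max(best, prio)
    return best

def triage(manifest_xml):
    """Flag manifests that hold the full SMS trio and intercept incoming SMS."""
    perms = sms_permissions(manifest_xml)
    prio = sms_receiver_priority(manifest_xml)
    return {"sms_permissions": perms, "sms_receiver_priority": prio,
            "suspicious": set(perms) == SMS_PERMS and prio is not None}

if __name__ == "__main__":
    print(triage(SUSPICIOUS_MANIFEST))
```

Legitimate messaging apps declare the same permissions, so this is a triage signal for a manifest extracted from an APK, not a verdict on its own.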