A Spanish-speaking cybercrime group named GXC Team has developed a new approach to phishing attacks. It offers a package deal that combines phishing kits with malicious Android apps, taking the idea of malware-as-a-service (MaaS) to the next level.
Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform” capable of targeting users of over 36 Spanish banks, governmental bodies and 30 institutions worldwide. The group sells its phishing kit for $150 and $900 a month, or $500 monthly for the package deal of the kit plus Android malware.
What makes this method unique is that instead of using a fake page to steal credentials, victims are prompted to download a malicious Android banking app. This app, posing as a security measure, requests permission to become the default SMS app. It then intercepts one-time passwords and other messages, sending them to the attackers via Telegram.
GXC Team also offers AI-powered voice calling tools that let its clients place convincing fake calls impersonating financial institutions, tricking victims into providing 2FA codes or installing malicious apps.
The report highlights how AI voice cloning technology makes phishing attacks more sophisticated and harder to detect. It also mentions the growing recognition of phishing kits with adversary-in-the-middle (AiTM) capabilities, which lower the technical barriers for cybercriminals.
Additionally, the article touches on other emerging phishing trends, such as the use of progressive web apps (PWAs) to create convincing fake login pages and the embedding of pre-encoded URLs in phishing emails to avoid security scans.
Overall, this case illustrates how cybercriminals combine various technologies and approaches to create more powerful and harder-to-detect phishing campaigns, posing increasing challenges for cybersecurity efforts.