• Fri. Oct 13th, 2023

A Mexican Hacker Stole More Than 350K Euros From Consumers of Financial Services Worldwide

Avatar photo

ByEsme Greene

Aug 11, 2023
Mexican Hacker Steals 350K Euros Globally
Esme Greene
Latest posts by Esme Greene (see all)

An entrepreneur thief made a fortune with the use of smishing, fake websites, and remote Trojan access. Between June 2021 and April 2023, a Mexican hacker going by the handle “Neo_Net” launched many cyberattacks against banks throughout the globe, focusing on those in Chile and Spain. Paul Till, a security investigator, made this claim in a recent paper that SentinelOne produced in association with VX-Underground.

What is Known About the Hack

In order to distribute a mobile virus (mixing), SMS phishing has emerged as the primary distribution strategy. In this virus, the attacker first uses phony claims of difficulties with their victims’ bank accounts to alarm them before redirecting them to bogus banking websites where they gather confidential data about their targets.

Paul Till said the phishing pages had various security features that were meticulously modified using the PRIV8 panels, including preventing requests from desktop browsers and concealing pages from bots and web crawlers.

“These pages have been designed to closely resemble real banking applications, with animations and other elements to create a compelling illusion,” the researcher continued.

The hacker also tricked bank clients into installing phony Android applications that looked like security tools but really requested access to SMS messages in order to intercept two-factor authentication credentials (2FA) supplied by the bank.

“Despite the use of relatively simple tools, Neo_Net accomplished an elevated level of success by modifying its networks for specific reasons that resulted in the theft of more than 350 thousand euros from the financial accounts of victims and the compromise of personal data of thousands of them,” Till explained.

Neo_Net is connected to a Hispanic assailant residing in Mexico. Through the sale of phishing panels, stolen victim data, and a Smishing-as-a-Service called Ankarex that targets many nations worldwide, he has established himself as a proficient cybercriminal.

Hacking Software

The Ankarex platform first became operational in May 2022. It is being widely advertised on the hacker’s 1,700+ user Telegram channel. According to a SentinelOne expert, “the service itself is available at ankarex[.]net, and after registration, users can replenish their balance with cryptocurrency transfers and start their own Smishing campaigns, indicating the content of the SMS and phone numbers of the targets.”

Notably, the news of Neo_Net’s activities broke right after the recent ThreatFabric report by researchers on the new campaign of the Anatsa Trojan (also known as TeaBot), which has been attacking bank customers in the US, UK, Germany, Austria, and Switzerland since the beginning of March 2023.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.