By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Notification
Latest News
OpenAI may use Associated Press archive for AI training
July 14, 2023
EU users can hold conversations with Google Bard from training set
July 14, 2023
Aptos, the new default font for Microsoft Office
July 14, 2023
BlackLotus UEFI bootkit sources published on GitHub
July 14, 2023
Hackers from the XDSpy cyber-espionage group attacked Russian organizations on behalf of the Ministry of Emergency Situations
July 14, 2023
Aa
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Reading: Mexican man stole over 350,000 euros from bank accounts using SMS phishing
Share
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Aa
Search
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Follow US
Security Parrot - Cyber Security News, Insights and Reviews > News > Mexican man stole over 350,000 euros from bank accounts using SMS phishing
News

Mexican man stole over 350,000 euros from bank accounts using SMS phishing

Last updated: 2023/07/06 at 1:49 AM
Security Parrot Editorial Team Published July 6, 2023
Share
SHARE

Neo_Net: The Hispanic Hacker Behind a Series of Financial Institution Attacks

SentinelOne experts have linked the attacker, known as Neo_Net, to a series of attacks on financial institutions around the world, with a special focus on Spanish and Chilean banks. The campaign ran from June 2021 to April 2023 using SMS phishing and Android malware.
The analysis of Neo_Net activity was published jointly with vx-underground as part of the Malware Research Challenge, in which security researchers were invited to showcase previously unpublished work, showcase their talents, and bring their ideas to a wider audience.

Targets of Neo_Net

According to the researchers, Neo_Net’s main targets were banks such as Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole and ING.

Neo_Net’s Tactics

Neo_Net is a Hispanic hacker based in Mexico who has proven himself to be a skilled cybercriminal. It mainly specializes in selling phishing panels and data stolen from victims to third parties, and also offers smishing (SMS phishing) as a service under the “brand” Ankarex.
The starting point for multi-stage Neo_Net attacks is often smishing, for which the hacker uses various scare tactics. The attacker seeks to deceive message recipients and force them to go to fake landing pages, thus obtaining and stealing their credentials through a Telegram bot.
“The phishing pages are carefully configured using the Neo_Net, PRIV8 panels, and come with numerous security measures, including blocking requests from non-mobile user agents and hiding pages from bots and web crawlers,” the experts write.
The attackers also tricked bank customers into installing malicious apps for Android, passing them off as security software. Once installed, this malware requested permission to access SMS in order to receive two-factor authentication (2FA) codes sent by the bank.
Regarding the Ankarex platform, it has been active since May 2022. It is actively advertised in the Telegram channel, which at the time of this writing had about 1,700 subscribers.
“The service itself is available on ankarex[.]net, and after registration, users can deposit funds using cryptocurrency transfers and launch their own smishing campaigns by specifying the content of SMS messages and target phone numbers,” experts say.
The researchers conclude that Neo_Net is quite successful despite using relatively simple tools. Its effectiveness is built on tailoring the infrastructure to specific targets, and as a result, these campaigns have led to the theft of more than 350,000 euros from the bank accounts of the victims and the compromise of the personal data of several thousand people.

Neo_Net: The Hispanic Hacker Behind a Series of Financial Institution Attacks

Financial institutions around the world have been the target of a series of attacks by a Hispanic hacker known as Neo_Net. The campaign ran from June 2021 to April 2023 using SMS phishing and Android malware, and had a special focus on Spanish and Chilean banks.
SentinelOne experts and vx-underground have jointly published an analysis of Neo_Net activity as part of the Malware Research Challenge. The challenge invited security researchers to showcase previously unpublished work, showcase their talents, and bring their ideas to a wider audience.

Targets of Neo_Net

According to the researchers, Neo_Net’s main targets were banks such as Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole and ING.

Neo_Net’s Tactics

Neo_Net is a Hispanic hacker based in Mexico who has proven himself to be a skilled cybercriminal. It mainly specializes in selling phishing panels and data stolen from victims to third parties, and also offers smishing (SMS phishing) as a service under the “brand” Ankarex.
The starting point for multi-stage Neo_Net attacks is often smishing, for which the hacker uses various scare tactics. The attacker seeks to deceive message recipients and force them to go to fake landing pages, thus obtaining and stealing their credentials through a Telegram bot.
“The phishing pages are carefully configured using the Neo_Net, PRIV8 panels, and come with numerous security measures, including blocking requests from non-mobile user agents and hiding pages from bots and web crawlers,” the experts write.
The attackers also tricked bank customers into installing malicious apps for Android, passing them off as security software. Once installed, this malware requested permission to access SMS in order to receive two-factor authentication (2FA) codes sent by the bank.
Regarding the Ankarex platform, it has been active since May 2022. It is actively advertised in the Telegram channel, which at the time of this writing had about 1,700 subscribers.
“The service itself is available on ankarex[.]net, and after registration, users can deposit funds using cryptocurrency transfers and launch their own smishing campaigns by specifying the content of SMS messages and target phone numbers,” experts say.
The researchers conclude that Neo_Net is quite successful despite using relatively simple tools. Its effectiveness is built on tailoring the infrastructure to specific targets, and as a result, these campaigns have led to the theft of more than 350,000 euros from the bank accounts of the victims and the compromise of the personal data of several thousand people.
Neo_Net is a sophisticated hacker who has been able to successfully target financial institutions around the world. His tactics of using SMS phishing and Android malware have proven to be effective, and his Ankarex platform has been used to launch smishing campaigns and steal data from victims.
The researchers urge financial institutions to be aware of the threat posed by Neo_Net and to take steps to protect their customers from his attacks. Banks should ensure that their customers are aware of the dangers of smishing and other forms of phishing, and should also take measures to protect their customers’ data from being stolen. Banks should also ensure that their security systems are up to date and that they are able to detect and respond to any suspicious activity.

Weekly Updates For Our Loyal Readers!

Security Parrot Editorial Team July 6, 2023
Share this Article
Facebook Twitter Email Copy Link Print

Archives

  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • February 2023
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

You Might Also Like

News

OpenAI may use Associated Press archive for AI training

July 14, 2023
News

EU users can hold conversations with Google Bard from training set

July 14, 2023
News

Aptos, the new default font for Microsoft Office

July 14, 2023
News

BlackLotus UEFI bootkit sources published on GitHub

July 14, 2023

© 2022 Parrot Media Network. All Rights Reserved.

  • Home
  • Parrot Media Group
  • Privacy Policy
  • Terms and Conditions
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc..

Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?