Global banks impacted by Android malware attacks

Financial services organizations around the world, especially banks in Spain and Chile, have been subjected to an Android malware campaign by the Mexico-based threat actor Neo_Net between June 2021 and April 2023, reports The Hacker News. More than 350,000 EUR in funds and thousands of victims' personally identifiable information have been compromised in the campaign, which was targeted at BBVA, CaixaBank, Credit Agricole, Deutsche Bank, ING, and Santander, among others, according to a report by cybersecurity researcher Pol Thill published by SentinelOne following a challenge done in partnership with vx-underground. SMS phishing messages were sent by Neo_Net to lure victims into clicking into fake pages resembling genuine banking apps, wherein their credentials are exfiltrated by a Telegram bot. Victims have also been tricked to install malicious Android apps as security software, which would then enable the collection of two-factor authentication codes. Neo_Net has also leveraged the Ankarex smishing-as-a-service tool to enable its operations, the report noted.