Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Neo_Net Hackers Group Targeting users of prominent banks globally

A Spanish-based threat actor Neo_Net has conducted campaigns against financial institutions and banks and achieved the highest success rate in spite of its unsophisticated tools.

The campaign has compromised a significant amount of Personally Identifiable Information (PII), including telephone numbers, national identity numbers, and names of thousands of victims.

Neo_Net has established and rented out a wide-ranging infrastructure, including phishing panels and Android trojans, to multiple affiliates, sold compromised victim data to third parties, and launched a successful Smishing-as-a-Service offering to target various countries worldwide.

As per the latest malware research conducted by SentinelOne with VX underground, they have shared the report regarding Neo_Net.

Tactics Used in Campaign

The campaign utilizes Ankarex, its smashing, as a service platform for targeting the victims through messages which contain Sender IDs (SIDs) to create an illusion of authenticity and impersonate reputable financial institutions.

These sms manipulate the victims by claiming that an unauthorized device had accessed the victim’s account or that their card had been temporarily limited due to security concerns.

The messages also contained a hyperlink to the threat actor’s phishing page.

The phishing pages look like legit banking sites that were implemented with multiple defense measures, including blocking requests from non-mobile user agents and concealing the pages from bots and network scanners. 

Once the user submits the details, information will be exfiltrated to a designated Telegram chat via the Telegram Bot API, granting the threat actors unrestricted access to the stolen data, including the victims’ IP addresses and user agents.

Then threat actors coaxed victims into installing a purported security application for their bank account on their Android devices to circumvent the Multi-Factor Authentication (MFA) mechanisms.

The exfiltrated messages could then be utilized to bypass MFA on the targeted accounts by capturing One-Time Passwords (OTPs). 

The threat actors were also observed making direct phone calls to victims, possibly impersonating bank representatives and deceiving victims into installing Android spyware or divulging OTPs.The funds illicitly acquired from victims during the course of the year-long operation amounted to a minimum of 350,000 EUR. Through his contributions on Telegram, Neo_Net has been linked to the “macosfera(.)com” forum, a Spanish-language IT forum.

Copyright 2021 Associated Press. All rights reserved.

Source: https://cybersecuritynews.com/neo_net-targeting-bank-users/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

In recent findings from Check Point Research, a significant phishing attack targeting more than 40 prominent Colombian companies has been uncovered.  The attackers behind this campaign...

Cyber Security

According to recent reports, a threat actor has compromised the confidential information of 3,200 Airbus vendors. The exposed data includes sensitive details such as...

Cyber Security

A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned privacy-focused webmail service. ...

Cyber Security

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO