From Phishing to Android Malware: Inside GXC Team’s Cybercrime Empire

July 29, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

A Spanish-speaking group known as GXC Team is pushing the boundaries by bundling phishing kits with malicious Android applications, redefining the concept of malware-as-a-service (MaaS).

Singaporean cybersecurity firm Group-IB, monitoring this group since January 2023, describes their crimeware as a “sophisticated AI-powered phishing-as-a-service platform,” targeting users from over 36 Spanish banks and various global institutions.

GXC Team offers their phishing kit at prices ranging from $150 to $900 monthly. However, the full package, including the phishing kit and Android malware, is available for about $500 per month on a subscription basis.

An Ingenious Phishing Tactic: Fake Banking App That Steals OTPs

What distinguishes GXC Team is their innovative use of SMS OTP stealer malware paired with phishing kits. Unlike traditional phishing that directly lures victims to fake pages to capture credentials, GXC Team tricks users into downloading a seemingly legitimate Android banking app to “prevent phishing attacks.”

These deceptive pages are spread through smishing and other methods. Once installed, the app requests permissions to become the default SMS app, enabling it to intercept one-time passwords (OTPs) and other messages, forwarding them to a Telegram bot controlled by the group.
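For defenders triaging a suspicious "banking" APK, the default-SMS-app behaviour described above is visible in the manifest. The following added example (not from Group-IB or the original article) flags a manifest that declares every component Android requires of a default SMS handler; it assumes the manifest is already decoded to text XML, and the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % NS
SENDTO = "android.intent.action.SENDTO"
# Actions Android requires a default SMS app to handle -> declaring component tag.
ROLE_ACTIONS = {
    "android.provider.Telephony.SMS_DELIVER": "receiver",
    "android.provider.Telephony.WAP_PUSH_DELIVER": "receiver",
    SENDTO: "activity",
    "android.intent.action.RESPOND_VIA_MESSAGE": "service",
}
SMS_SCHEMES = {"sms", "smsto", "mms", "mmsto"}

def sms_role_actions(root):
    """Return the default-SMS-role actions the manifest's components handle."""
    found = set()
    for action, tag in ROLE_ACTIONS.items():
        for flt in root.findall(f".//{tag}/intent-filter"):
            names = {a.get(A + "name") for a in flt.findall("action")}
            schemes = {d.get(A + "scheme") for d in flt.findall("data")}
            # SENDTO only counts when it targets SMS/MMS URIs (mail apps use mailto).
            if action in names and (action != SENDTO or schemes & SMS_SCHEMES):
                found.add(action)
    return found

def triage(manifest_xml):
    """Flag a decoded AndroidManifest.xml that can take over SMS handling."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    found = sms_role_actions(root)
    capable = found == set(ROLE_ACTIONS)
    return {
        "package": root.get("package"),
        "missing_role_actions": sorted(set(ROLE_ACTIONS) - found),
        "default_sms_capable": capable,
        # SMS takeover plus network access is the combination worth an analyst's time.
        "review": capable and "android.permission.INTERNET" in perms,
    }

def _component(tag, action, scheme=None):  # builds constructed sample XML
    data = f'<data android:scheme="{scheme}"/>' if scheme else ""
    return f'<{tag} android:name=".X"><intent-filter><action android:name="{action}"/>{data}</intent-filter></{tag}>'

def sample(package, components):  # constructed manifests, not from any real app
    body = "".join(_component(*c) for c in components)
    return (f'<manifest xmlns:android="{NS}" package="{package}">'
            '<uses-permission android:name="android.permission.INTERNET"/>'
            f'<application>{body}</application></manifest>')

SUSPECT = sample("com.example.bankshield", [(t, a, "smsto") for a, t in ROLE_ACTIONS.items()])
MAIL = sample("com.example.mail", [("activity", SENDTO, "mailto")])
```

A positive `review` result is a triage signal rather than a verdict, since legitimate messaging apps declare the same components; the mismatch to look for is an app presented as a bank or security tool that also asks to handle SMS.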


A screenshot of an announcement from GXC about the AI-powered voice caller feature on their Telegram channel (Source: Group-IB)

AI-Infused Deception: Sophisticated Voice Scam Tactics

Adding another layer of sophistication, GXC Team employs AI-infused voice calling tools accessible via a dedicated Telegram channel. These tools allow cybercriminals to generate automated voice calls to potential targets, masquerading as bank representatives. During these calls, victims are prompted to provide 2FA codes, install malicious apps, or perform other actions beneficial to the scammers. This use of AI enhances the authenticity of their scams, demonstrating how criminals can quickly adapt new technologies to craft convincing fraud scenarios.

Impact of AI in Cybercrime

The integration of AI in their phishing kit further exemplifies how swiftly and efficiently cybercriminals can adopt new technologies. Victims receive calls that appear to be from their banks, instructing them to divulge sensitive information or download disguised malware. This approach not only makes the scam more credible but also showcases how AI can transform traditional fraud into sophisticated, hard-to-detect schemes.

Editorial opinion:

GXC Team’s tactics highlight the increasing complexity of cybercrime. Their use of AI-powered tools and sophisticated phishing techniques underscores the need for heightened vigilance and advanced cybersecurity measures. By staying informed about these emerging threats, individuals and organizations can better protect themselves against the ever-changing landscape of cybercrime.