GXC Team Unmasked: The cybercriminal group targeting Spanish bank users with AI-powered phishing tools and Android malware
Group-IB discovered a Spanish-speaking criminal group, GXC Team, offering a sophisticated AI-powered phishing-as-a-service platform targeting Spanish bank customers. The group specialized in developing phishing kits, Android malware, and AI-powered scam tools. Their malicious Android app, disguised as a banking application, was designed to intercept OTP codes, affecting users of over 36 Spanish banks and 30 institutions worldwide. Although the group was not highly sophisticated, its innovative features, such as bundling phishing kits with the Android malware and an AI-powered voice caller, made it a severe threat to banking security in Spain.
Indicators of Compromise (163)