Police in Barcelona have arrested four suspected members of a criminal group thought to be behind a massive smishing scheme that targeted tens of thousands of victims with malicious links impersonating banks with the goal of stealing victims’ credentials and money.
According to the Criminal Investigation Division of the Barcelona Metropolitan Police Region, the investigation began in October last year after the police received a complaint from a victim of the smishing scheme. The investigation into the matter uncovered a large smishing operation, in which scammers sent SMS to the victims' phones containing a link to fake web pages disguised as websites of banks and mobile operators designed to steal victims’ credentials.
Once the credentials were obtained, the criminals made duplicates of the SIM cards to take control of victims’ phones, which allowed them to obtain the operational validation codes sent by the banks. Using this access the hackers would make fraudulent money transfers and purchase high-end cell phones. The police said that the group has sent at least 71,000 malicious messages to victims.
While the police did not disclose the name of the gang, The Record reported that the four suspects are members of FluBot, a cybercrime group behind the eponymous malware, which has been around since late 2020. FluBot is a banking trojan for Android devices, which abuses the Android Accessibility service to show fake login screens for mobile banking portals.
In the raid, which took place March 2, the police seized laptops, cash, documents, and mobile devices. The four suspects aged between 19 and 27, were arrested in Barcelona. Two of the men were detained while the other two have been released but ordered to appear in court every 15 days as the investigation is ongoing.