The Spanish Guardia Civil, with help from the research firm Group-IB, has successfully dismantled one of the world's most active online crime networks, the GXC Team. This national operation, which saw six coordinated searches across Spain, ended in the arrest of the alleged mastermind on May 20, 2025.
The man arrested in San Vicente de la Barquera, Cantabria, is a 25-year-old Brazilian national known online as GoogleXcoder. Authorities also detained other criminals who were actively using his illegal tools. Over the last year, this group's activities are believed to have caused financial losses amounting to millions of euros.
Selling Crime Tools as a Service
Emerging in early 2023, the suspect GoogleXcoder ran a Crime-as-a-Service (CaaS) operation. This means he was not always the one robbing people; instead, he sold the specialised tools criminals needed to carry out large scams.
These dangerous tools targeted institutions like banks, transportation companies, and online shops in several countries, including Spain, Slovakia, the UK, the US, and Brazil. He offered these kits on underground channels, even running a Telegram group shamelessly named "Steal everything from grandmas," which shows their lack of conscience.
The service offered several high-tech tools, including:
Phishing Kits: These kits allowed other criminals to create fake websites that perfectly copied the web pages of 10 Spanish banks and more than 30 international institutions and government portals.
Android Malware: This was a malicious program disguised as a simple banking app. Once installed, it became the phone's main messaging application and could steal One-Time Passwords (OTPs), which are the security codes you get via text.
AI Voice Scams: An innovative addition, these tools automatically generate realistic-sounding voice calls to trick victims into giving up their Two-Factor Authentication (2FA) codes, the extra security layer we rely on.
The Investigation and Arrest
The operation was only possible after Group-IB mapped out the team's entire setup, discovering over 250 fake scam sites and nine different types of malicious software. This intelligence was shared with the Guardia Civil's Division against Cybercrime.
The investigation further revealed that GoogleXcoder lived as a digital nomad, constantly moving between Spanish regions and using stolen identities to rent properties and get new phone lines, making him difficult to track.
Following the evidence trail, the Guardia Civil conducted raids not only in Cantabria but also in cities like Valladolid, Barcelona, and Zaragoza. Authorities seized digital devices containing the source code for the fake websites, records of communication with his criminal clients, and financial details. The year-long investigation also tracked and recovered stolen funds that had been moved through various digital currencies, finally dismantling the channels used to run the schemes.
"The 'GXC Team' case demonstrates how artificial intelligence can be misused to industrialise fraud and impersonation on an unprecedented scale. Group-IB was the first to investigate this AI-enabled framework, allowing us to support law enforcement in stopping its spread and mitigating its impact," Group-IB's head of cybercrime investigation in Europe, Anton Ushakov, concluded in the blog post.











