bleepingcomputer.com
By Bill Toulas
October 11, 2025
Spanish Guardia Civil have dismantled the “GXC Team” cybercrime operation and arrested its alleged leader, a 25-year-old Brazilian known as “GoogleXcoder.”
The GXC Team operated a crime-as-a-service (CaaS) platform offering AI-powered phishing kits, Android malware, and voice-scam tools via Telegram and a Russian-speaking hacker forum.
“The Civil Guard has dismantled one of the most active criminal organizations in the field of phishing in Spain, with the arrest of a 25-year-old Brazilian young man considered the main provider of tools for the massive theft of credentials in the Spanish-speaking environment,” announced Guardia Civil.
Group-IB has been tracking the operation and says that GXC Team was targeting banks, transport, and e-commerce entities in Spain, Slovakia, the UK, the US, and Brazil.
The phishing kits replicated the websites of tens of Spanish and international institutions, and powered at least 250 phishing sites.
The threat group also developed at least nine Android malware strains that intercepted SMS and one-time passwords (OTPs), useful for hijacking accounts and validating fraudulent transactions.
GXC Team also offered complete technical support and campaign customization services to its clients, acting as a pro-grade and high-yielding crime platform.
A police operation conducted on May 20, involved coordinated raids across Cantabria, Valladolid, Zaragoza, Barcelona, Palma de Mallorca, San Fernando, and La Línea de la Concepción.
During these actions, the authorities seized electronic devices containing phishing kit source code, communications with clients, and financial records.
Law enforcement agents recovered cryptocurrency stolen from victims and shut down Telegram channels used to promote the scams. One of these channels was named “Steal everything from grandmothers.”
The authorities stated that the nationwide raids were made possible thanks to the analysis of the seized devices and cryptocurrency transactions of GoogleXcoder, who was arrested more than a year ago.
“The forensic analysis of the seized devices, as well as the cryptocurrency transactions, which lasted for more than a year due to their complexity, made it possible to reconstruct the entire criminal network, managing to identify six people directly related to the use of these services,” explained Guardia Civil.
The investigation into the GXC Team is still ongoing, and Spanish authorities have mentioned the possibility of further actions leading to the arrest of more members of the cybercrime ring.
therecord.media -Germany’s highest court on Thursday ruled that law enforcement cannot use spyware to monitor personal devices in cases that carry less than a three year maximum sentence.
The court was responding to a lawsuit brought by the German digital freedoms organization Digitalcourage.
The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to people who are not criminal suspects.
The 2017 change to the German criminal procedure code was not precise enough about when spyware can be used, the court ruled, saying that snooping software is only appropriate in investigations of serious cases.
Such surveillance causes a “very severe interference” with fundamental rights, the court said in a press release.
Law enforcement use of spyware “enables the interception and analysis of all raw data exchanged and thus has an exceptional reach, particularly given the realities of modern information technology and its significance for communication relations,” the press release said.
The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government.
The duo has been described as a "serious threat to national security" and focused their attacks on high-ranking state officials as well as journalists. They leaked samples of the stolen data online to build notoriety and inflate the selling price.
"The investigation began when agents detected the leakage of personal data affecting high-level institutions of the State across various mass communication channels and social networks," reads the police announcement.
"These sensitive data were directly linked to politicians, members of the central and regional governments, and media professionals."
The first suspect is believed to have specialized in data exfiltration, while the second managed the financial part by selling access to databases and credentials, and holding the cryptocurrency wallet that received the funds.
The two were arrested yesterday at their homes. During the raids, the police confiscated a large number of electronic devices that may lead to more incriminating evidence, buyers, or co-conspirators.
24.03.2025 - En 2024, la police a enregistré au total 563 633 infractions relevant du Code pénal (CP), soit environ 8% de plus que l'année précédente. Si l'on considère la criminalité par domaines, les infractions numériques ont, comme les années précédentes, affiché une forte hausse (+35%). Les infractions contre le patrimoine se sont accrues de 8% par rapport à 2023. Et les infractions de violence grave ont augmenté (+19%) pour la troisième année consécutive. Ce sont là quelques-uns des résultats de la statistique policière de la criminalité (SPC), établie par l'Office fédéral de la statistique (OFS).
Security researchers found evidence that Cellebrite was used by Serbian police to hack into the cellphones of a local journalist and an activist.
Four distributors of the encrypted communications service Sky ECC, used extensively by criminals, were arrested in Spain and the Netherlands.
The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities.
An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks.
The City of London Police had put the teenage boy in the suburban Travelodge to protect him. They even set up a code with him and his mom to signal it was safe to open the door: “Lucky lucky.”
Then they grew suspicious.
The teen had a history with the police. It was September 2022, and 17-year-old Arion Kurtaj had been arrested twice earlier that year for his alleged role in a hacking group that stole data and demanded ransoms from some of the world’s biggest tech companies. Kurtaj, who is autistic, was released both times. The second time, that March, he had been let go under the condition that he stay offline.
The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week.
This blog post is a response to an investigative news report about a large-scale law-enforcement attack that managed to de-anonymize a user of an old version of the long-retired app Ricochet. This blog post aims to provide insight into what we know so far. Nothing that the Tor Project has learned about this incident suggests that Tor Browser was attacked or exploited. Tor users can continue to use Tor Browser to access the web securely and anonymously.
Australian police say they have infiltrated Ghost, an encrypted global communications app developed for criminals, leading to dozens of arrests.
Operation Kraken is a sign that organized criminals are moving away from larger encrypted phone companies to a decentralized collection of smaller players and consumer access apps that the rest of us use.
An investigation has been launched after a data breach led to the details of current and former Police Ombudsman staff members being accidently released.
The Police Ombudsman (PONI) has apologised for the data leak incident involving 160 current and former staff.
The Toronto Police Service is making the public aware of 10 arrests made and 108 charges laid in a major SIM swap fraud investigation dubbed Project Disrupt.
On Thursday, August 1, 2024, Detective David Coffey, from the Financial Crimes Unit, and Detective Constable Michael Gow, from the Coordinated Cyber Center (C3), held a news conference about Project Disrupt.
LabHost enabled users to set up websites designed to trick victims into revealing personal information – with 70,000 allegedly duped in the UK
German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators.
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.
Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ''Operation Cronos.
