Fraud Rockets Higher in Mobile-First Latin America

CYBERATTACKS & DATA BREACHES CYBERSECURITY OPERATIONS VULNERABILITIES & THREATS THREAT INTELLIGENCE NEWS Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific Fraud Rockets Higher in Mobile-First Latin America Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react. Robert Lemos,Contributing Writer April 8, 2026 4 Min Read SOURCE: SKORZEWIAK VIA SHUTTERSTOCK Fraud across Latin America's digital banking sector has accelerated, outpacing other global regions and driven by a surge in social engineering, account takeovers, and mobile-based attacks. Social engineering scams jumped 155% in 2025, while malware, remote-access fraud, and stolen-device incidents all climbed sharply across the region, according to a report published by BioCatch, a fraud and financial-crime prevention firm. The surge in attacks highlights a structural shift in the way attackers are operating in the region, chaining together techniques to move from voice scams to account takeover to, ultimately, fraudulent transfers. Gaining access to a device — whether through remote takeover or device theft — allows fraudsters to kick off an attack chain that leads to stolen funds, says Josué Martínez, senior director of global advisory for Latin America at BioCatch. "We are seeing continuous evolution in attackers' methods, with tactics that increasingly target and undermine authentication layers rather than individual transactions," he says. "As a result, traditional controls are often insufficient on their own." Related:Bank Trojan 'Casbaneiro' Worms Through Latin America Latin America has become an increasingly popular target of cyberattackers, with organizations in the region currently seeing about 50% more attacks than the average global organization. Over the past year, Chinese groups — such as Vixen Panda, Aquatic Panda, and Liminal Panda — have targeted government agencies, telecom providers, and military entities in Latin America. Meanwhile, Brazilian threat actors recently used a banking Trojan that spread automatically to collect banking credentials from unwitting consumers. The impact of fraud is uneven across the region. Mexico saw account takeover attempts surge more than 300%, while Colombia experienced broad increases across phishing, SIM swapping, and malware. In contrast, Argentina recorded a decline in mule activity after launching a real-time fraud intelligence-sharing network, highlighting how coordinated defenses can shift outcomes. Fraud Driven by a Mobile-First Economy Part of the problem for financial institutions in the region is that governments do not necessarily hold banks liable for losses to fraud, which means the institutions may not have an incentive to invest in cybersecurity, Martínez says. "In many countries, scam-related losses are not consistently reimbursed by financial institutions, which reduces the immediate financial incentive to invest aggressively in preventative controls focused on social engineering," he says. "At the same time, rapid digital adoption — often driven by mobile-first users and real-time payments — has expanded the number of less-experienced digital consumers, creating a larger and more attractive pool of potential victims." Related:Chinese Police Use ChatGPT to Smear Japan PM Takaichi   Cyberattackers preferred attacking mobile devices (dark blue line) compared to desktop systems. Source: BioCatch Account-takeover scams are on the rise as well, with banks in Mexico seeing a quadrupling of attacks in 2025, and the region as a whole encountering 1.6 times more attacks, the report stated. Attackers target mobile devices because, if they can control the device, they can use it as a second factor and pursue account takeover (ATO) attacks, Martínez notes. "The majority of users rely on Android devices, [and] the widespread availability of remote-access tools for this operating system drives a higher incidence of these scams, which are frequently used in multiple ways to defraud users," he says. Late last year, Chinese-speaking attackers targeted the region with a banking bot dubbed ToxicPanda, which actively targeted the customers at 16 different financial institutions. In March, an Android-base banking Trojan targeted a Brazilian mobile payments solution, Pix, fooling users into installing the program, which then stayed on the device until it could divert payments. Different Latin American Regions, Different Fraud Related:Singapore & Its 4 Major Telcos Fend Off Chinese Hackers Each country in LatAm has had to deal with a different threat profile, but the focus on mobile extends across the region. Brazil has encountered a surge in stolen devices, up 340% year over year, while Colombia contends with smaller increases in stolen devices, but also a variety of other device-focused fraud, such as SIM swapping and mobile malware, according to the BioCatch report. The use of remote access Trojans (RATs) targeting mobile devices also rose quickly in the latter half of 2025. One good trend: Argentina saw money-mule accounts decline in the latter half of 2025, a departure from other countries in the region. Yet, fraudsters are quick to move on, Martínez says. "Once banks in a given country have effectively solved for a particular MO, fraudsters will either change MOs or shift their focus to a different geography," he says. Companies need to move beyond static defenses and collaborate with each other to head off the threat, Martínez says. "Technical controls must be complemented by additional capabilities that provide broader context, such as consortium-based intelligence that helps assess the risk reputation of the target account," he says. "This layered approach allows institutions to move beyond isolated signals and develop a more accurate understanding of intent and exposure." Read more about: DR Global Latin America About the Author Robert Lemos Contributing Writer Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports AI SOC for MDR: The Structural Evolution of Managed Detection and Response How Enterprises Are Developing Secure Applications Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Gartner IGA Voice of the Customer 2026 Access More Research Webinars Security in the AI Age Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need More Webinars You May Also Like CYBERATTACKS & DATA BREACHES CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks by Rob Wright DEC 04, 2025 CYBERATTACKS & DATA BREACHES Researcher Says Patched Commvault Bug Still Exploitable by Jai Vijayan, Contributing Writer MAY 06, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBERATTACKS & DATA BREACHES What Should the US Do About Salt Typhoon? by Alexander Culafi, Senior News Writer, Dark Reading APR 10, 2025 Editor's Choice CYBERSECURITY OPERATIONS RSAC 2026: AI Dominates, But Community Remains Key to Security byKristina Beek,Rob Wright APR 2, 2026 CYBERATTACKS & DATA BREACHES Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate byNate Nelson APR 2, 2026 3 MIN READ ENDPOINT SECURITY CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry byJeffrey Schwartz APR 3, 2026 3 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Security in the AI Age TUES, APRIL 28, 2026 AT 1PM EST Identity Maturity Under Pressure: 2026 Findings and How to Catch Up WED, MAY 6,2026 AT 1PM EST Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST More Webinars White Papers How Sunrun Transformed Security Operations with AiStrike Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE