A Region Under Siege
Latin America's digital banking ecosystem is experiencing a dramatic escalation in fraud activity, outpacing every other global region. Driven by a convergence of social engineering, account takeover (ATO) schemes, and mobile-centric attack strategies, cybercriminals are chaining techniques together with alarming efficiency — moving from voice scams to account compromise to fraudulent fund transfers in rapid succession.
According to a report published by BioCatch, a fraud and financial-crime prevention firm, social engineering scams jumped 155% in 2025 alone. Malware incidents, remote-access fraud, and stolen-device cases all climbed sharply across the region during the same period.
Josué Martínez, senior director of global advisory for Latin America at BioCatch, described the underlying dynamic: "We are seeing continuous evolution in attackers' methods, with tactics that increasingly target and undermine authentication layers rather than individual transactions. As a result, traditional controls are often insufficient on their own."
Why Latin America Has Become a Prime Target
Organizations across Latin America are already contending with roughly 50% more cyberattacks than the average global organization. Nation-state actors have taken notice as well. Chinese threat groups — including Vixen Panda, Aquatic Panda, and Liminal Panda — have been actively targeting government agencies, telecom providers, and military entities throughout the region. Brazilian threat actors, meanwhile, recently deployed a banking Trojan that spread automatically to harvest banking credentials from unsuspecting consumers.
The fraud landscape is not uniform across the region. Mexico saw account takeover attempts surge by more than 300%, with banks in the country recording a quadrupling of ATO attacks in 2025. Colombia experienced broad increases across phishing, SIM swapping, and malware incidents. Brazil recorded a 340% year-over-year rise in stolen-device incidents. In contrast, Argentina saw a decline in money-mule activity after launching a real-time fraud intelligence-sharing network — a concrete demonstration that coordinated defenses can meaningfully shift outcomes.
The Mobile-First Problem
A structural feature of Latin America's digital economy is amplifying these risks. The region has seen rapid digital adoption driven overwhelmingly by mobile-first users and real-time payment platforms. This has created a large and growing pool of less-experienced digital consumers who make attractive targets for fraudsters.
Martínez pointed to a regulatory gap that compounds the issue: "In many countries, scam-related losses are not consistently reimbursed by financial institutions, which reduces the immediate financial incentive to invest aggressively in preventative controls focused on social engineering."
Across the region as a whole, banks are encountering 1.6 times more account takeover attacks compared to prior periods, the BioCatch report stated. Attackers specifically target mobile devices because controlling a device grants access to its second-factor authentication capabilities, enabling full account takeover.
"The majority of users rely on Android devices, [and] the widespread availability of remote-access tools for this operating system drives a higher incidence of these scams, which are frequently used in multiple ways to defraud users," Martínez explained.
Notable Malware Campaigns in the Region
Several high-profile malware campaigns have illustrated the scale of mobile-focused threats in Latin America:
- ToxicPanda: In late 2025, Chinese-speaking attackers deployed a banking bot dubbed ToxicPanda against the region. The campaign actively targeted customers at 16 different financial institutions.
- Pix-targeting Android Trojan: In March, an Android-based banking Trojan targeted Pix, a Brazilian mobile payments solution. The malware tricked users into installing the application, then remained dormant on the device until it could divert payments.
- Casbaneiro: Brazilian threat actors previously deployed the Casbaneiro banking Trojan, which worms through the region, automatically collecting banking credentials.
The use of remote access Trojans (RATs) targeting mobile devices also rose sharply in the latter half of 2025, with Colombia experiencing a particularly notable uptick alongside SIM-swapping attacks and mobile malware incidents.
Country-by-Country Threat Profiles
Each country in Latin America presents a distinct fraud profile, though the emphasis on mobile attack surfaces is a common thread throughout the region:
- Brazil: Stolen device incidents surged 340% year over year, making device theft the dominant fraud vector.
- Mexico: Account takeover attempts climbed more than 300%, with banks recording quadrupled ATO rates in 2025.
- Colombia: Fraud is diversified across phishing, SIM swapping, mobile malware, and RAT-based attacks, with smaller but still significant increases in stolen-device cases.
- Argentina: Money-mule account activity declined in the latter half of 2025 following the launch of a real-time fraud intelligence-sharing network — a regional bright spot.
Fraudsters Adapt Quickly to Defenses
One of the most challenging aspects of the threat environment is how rapidly attackers pivot when defenses prove effective. Martínez noted that Argentina's success in reducing mule activity has not stopped fraudsters — it has simply redirected them.
"Once banks in a given country have effectively solved for a particular MO, fraudsters will either change MOs or shift their focus to a different geography," he said.
This adaptability underscores why static, siloed defenses are increasingly inadequate. Financial institutions need to move beyond isolated security signals and toward collaborative, intelligence-driven frameworks.
The Path Forward: Layered and Collaborative Defense
BioCatch and Martínez advocate for a layered approach that combines technical controls with consortium-based threat intelligence. Rather than relying on individual transaction signals, institutions should incorporate broader contextual data — including the risk reputation of target accounts — to develop a more accurate picture of attacker intent.
"Technical controls must be complemented by additional capabilities that provide broader context, such as consortium-based intelligence that helps assess the risk reputation of the target account," Martínez said. "This layered approach allows institutions to move beyond isolated signals and develop a more accurate understanding of intent and exposure."
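A sketch of the layered decision described above, as an added example rather than code from BioCatch or the report: session signals and transaction signals are scored together with a consortium reputation lookup for the beneficiary account. Every field name, weight, threshold and account identifier here is an assumption made for illustration, and the two cases are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:  # device/session layer (field names are hypothetical)
    remote_access_active: bool  # remote-control or screen-sharing tool detected
    hours_since_sim_change: Optional[float]  # None when no SIM change is known
    new_device: bool
    active_phone_call: bool  # customer is on a call while transacting

@dataclass(frozen=True)
class Transfer:  # transaction layer
    amount: float
    typical_amount: float
    beneficiary: str
    first_time_beneficiary: bool

# Constructed consortium feed: account -> number of member banks reporting it as a mule.
CONSORTIUM_REPORTS = {"ACC-0001-SAMPLE": 3}

def signals(s, t, reports):
    """Return (name, weight) for every check that fires; weights are illustrative."""
    n = reports.get(t.beneficiary, 0) if reports is not None else 0
    sim_recent = s.hours_since_sim_change is not None and s.hours_since_sim_change < 72
    checks = [
        ("remote_access", 40, s.remote_access_active),
        ("recent_sim_change", 30, sim_recent),
        ("new_device", 20, s.new_device),
        ("active_call", 15, s.active_phone_call),
        ("first_time_beneficiary", 15, t.first_time_beneficiary),
        ("unusual_amount", 20, t.amount > 3 * t.typical_amount),
        ("beneficiary_reported", min(60, 25 * n), n > 0),
    ]
    return [(name, w) for name, w, fired in checks if fired]

def decide(s, t, reports=CONSORTIUM_REPORTS):
    """Pass reports=None to see the decision without the consortium layer."""
    hits = signals(s, t, reports)
    score = sum(w for _, w in hits)
    action = "block" if score >= 70 else "step_up" if score >= 40 else "allow"
    return action, score, [name for name, _ in hits]

# Constructed case: genuine customer on their own device, coached over the phone.
SCAM = (Session(False, None, False, True), Transfer(900.0, 400.0, "ACC-0001-SAMPLE", True))
# Constructed case: device under remote control shortly after a SIM change.
ATO = (Session(True, 5.0, False, False), Transfer(300.0, 400.0, "ACC-0002-SAMPLE", False))

if __name__ == "__main__":
    for case, feed in ((SCAM, None), (SCAM, CONSORTIUM_REPORTS), (ATO, CONSORTIUM_REPORTS)):
        print(decide(*case, reports=feed))
```

The coached-transfer case is allowed when only the session and transaction signals are scored, and is blocked once the beneficiary's consortium reputation is included; the remote-access case is blocked on session signals alone.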
As Latin America continues its rapid trajectory toward mobile-first digital finance, the pressure on financial institutions to modernize fraud defenses — and to do so collaboratively — has never been greater. The BioCatch data makes clear that the cost of inaction will only compound as attackers refine their cross-border, cross-technique playbooks.
Source: Dark Reading