Peruvian Peaks: The Digital Loan Illusion

Group-IB researchers describe a large-scale loan-themed phishing campaign targeting Peru and other Latin American countries in 2024–2025, using social-media ads and roughly 370 spoofing domains to lure victims into fake loan applications that harvest DNI, card details, online banking passwords and PINs; the attackers use obfuscated JavaScript (librarypools.js), Luhn validation to filter valid cards, modular endpoints, and redirection to legitimate bank sites to avoid detection, and the report includes technical indicators, campaign scope, and recommendations for banks, consumers, and regulators.