You are currently viewing Amenaza de drops (Mulas) se traslada a Latinoamérica

Threat of drops (Mulas) moves to Latin America

Cybercrime has seen an opportunity to attack the Spanish-speaking public through the best-selling electronic devices in LATAM.

Wednesday, August 10, 2022: The terms “Drops” and “Mula” are related to drug trafficking in Latin America; however, in Drops cybercrime cases, it refers to aliases that refer people who want to make money quickly through technological fraud.

In this region the number of people who have access to the internet is much lower than in other parts of the world, even so, this same number has skyrocketed in recent years thanks to advances in communication networks in developing countries, putting them in the crosshairs of digital crime; however, despite the increase in computers in the region, it is not easy for the Latin American community to acquire technology for reasons such as the lack of opportunities and the bad economy.

Cybercrime has seen an opportunity to attack the Spanish-speaking public through the electronic devices with the highest sales in LATAM: mobile phones or Smartphones, an easily accessible item that can connect to any network, opening the door to these attackers without great effort. security barriers, in addition to providing easy access to communication through different applications such as WhatsApp, Facebook Messenger, Telegram or even through web forums or blogs.

An analysis has been made of each of the tactics and techniques used by these types of attackers, how they manage to recruit drops to launder money and what types of services they offer as a hook to capture unsuspecting users, concluding that:

  • Attackers use different methods, themes, or types of scams to recruit their drops. Among the most used are the lottery, romance, self-improvement, work from home and obviously all the quick and easy ways to earn money with little effort.
  • These drops or collaborators may be conscious or unconscious participants in the criminal act.
  • The means by which the drops are recruited are traditional sources of communication such as popular virtual forums or, in many cases, messaging platforms for mobile devices that allow the transmission of data and documents.
  • Advertising has been found on these channels where drops are offered, in addition to moving money, executing specific actions with contraband items, narcotics, packages in general, and even moving stolen goods.

In the region, several popular Spanish and Portuguese forums have been eliminated when identifying this type of behavior, for which the attackers have been forced to transfer their illicit businesses to other types of recognized channels that are normally open to Spanish-speaking audiences. Russian and English, in this way the constant increase of Spanish speakers has been identified in sources such as BreachForums, Exploit and XSS.

Another of the channels with an increase in attacks are chat services on mobile devices, where LATAM, despite having a slow path towards a digital and technological society, has increased the use of smartphones in recent years; Unfortunately, and compared to other economies, investment in network infrastructure, security and maintenance is very low and the lack of investment in cybersecurity hygiene and in professionals to combat cybercrime is minimal, which means that computer criminals, especially involved in drop business, they manage to have very high success rates in their criminal campaigns and manage to develop different negative actions, such as:

  • The attackers have begun to share with their counterparts tutorials on what drops are and the best strategies to practice these criminal acts through forums and stores on the Dark Web.
  • These sources include recruiting ads with compromised credit card crash information and search for abandonment partners and cybercriminals advertising these same services.
  • The most common Spanish-speaking advertising among attackers refers to recruiting drops for banking transactions and withdrawal opportunities.

In LATAM, money drops are the most sought after with great success in recruitment due to employment and economic problems in each nation, so the risk is assumed by people at the cost of legal problems. Just like drug mules that move narcotics from one country to another, money drops move large sums through their accounts in exchange for a small percentage in order to launder these criminal proceeds that generally have to do with drugs; For this purpose, the attackers only recruit people willing to hand over their personal information and credentials of their digital bank accounts, they even ask for their credit card data and copies of their identification documents where, although these drops largely receive the agreed percentage, sometimes these same data are used to steal or generate other types of scams.

In conclusion, the number of Internet users in LATAM grows by leaps and bounds every year, so the potential for a large part of the population to become a victim of a drop or to be dropped directly is very great. Economic insecurity, instability in the region and the acceptance of these supposed strategies or informal job offers that promise to attract money quickly, will continue to grow as long as no progress is made in shielding the networks in the community.

The main recommendations so that organizations and each individual that may be linked to these threats, can avoid becoming drop involuntarily, are:

  • Properly research each person or company that wants to do business with you.
  • If you happen to transfer money, use methods or companies that protect the transaction; In the market you can find different banks or services like PayPal that offer protection against fraud.
  • Monitor transactions, including checking withdrawals from your bank account, and track every order tied to it.







  • Receive alerts, updates, key information and more, being part of the DEFENSI.ONE community

© 2021 by DEFENSIONE. Cybersecurity | Defense and Response. Developed by CROZZ Marketing.