The Civil Guard has dismantled one of Spain’s most active phishing networks, arresting a 25-year-old Brazilian developer known online as “GoogleXcoder.”
He stands accused of designing and selling phishing kits that allowed other criminals to mimic banks, government agencies, and public institutions.
Since 2023, a slew of phishing attacks have swept across Spain. Bad actors posed as trusted entities, fooling victims into revealing personal details. The losses ran into millions. Complaints surged and anxiety grew.
The Civil Guard’s Cybercrime Unit began hunting for the scammers, as well as the author behind the code. Their trail led to “GoogleXcoder,” a developer offering phishing-as-a-service to anyone willing to pay.
His kits cloned websites with precision. They came with technical support, custom branding, and regular updates, a dark echo of professional software work.
These tools were traded in Telegram channels. Criminals paid hundreds of euros a day to use them, impersonating dozens of institutions and robbing thousands of victims. One group, with chilling bluntness, called itself “Steal Everything from Grandmothers.”
Tracking the suspect wasn’t easy. He moved often, switching homes, phone numbers, and payment cards, hiding behind stolen identities. Investigators found him living a digital nomad life with his family, always online, always working.
The Civil Guard closed in on San Vicente de la Barquera, Cantabria. There, they made the arrest. Inside, they found laptops loaded with cloned websites, cryptocurrency wallets, and chat logs linking him to a network of global scammers.
Six others have since been identified in connection with the operation. Searches were carried out in Valladolid, Zaragoza, Barcelona, Palma de Mallorca, San Fernando, and La Línea de la Concepción.
Investigators seized electronic devices and digital funds traced to the victims’ stolen money.
The operation, led by the Investigative Court No. 1 of San Vicente de la Barquera, remains open. More arrests may follow. Telegram channels linked to the network have been taken down, and forensic teams are still combing through encrypted evidence.
The Civil Guard worked closely with the Brazilian Federal Police and cybersecurity firm Group-IB, whose intelligence helped unravel the digital threads of a crime that crossed borders and screens.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.