Spanish authorities have dismantled the notorious GXC Team cybercrime syndicate in a major international operation. The Guardia Civil arrested the group’s 25-year-old Brazilian leader, known online as “GoogleXcoder,” in coordinated raids across Barcelona, Zaragoza, and Palma de Mallorca. The takedown marks one of Europe’s largest cybercrime-as-a-service disruptions in 2025.
Investigators received support from Europol and cybersecurity firm Group-IB, which provided intelligence on the group’s online infrastructure. Officers seized computers, smartphones, and cryptocurrency linked to illicit profits. The arrests followed months of investigation into phishing kits, Android malware, and social engineering schemes sold through Telegram and dark web forums.
Inside the GXC Team’s Operation
The GXC Team specialized in selling ready-made cybercrime tools to other threat actors. Its portfolio included:
- AI-powered phishing kits mimicking banks and e-commerce portals
- Android malware intercepting SMS and one-time passwords
- Voice scam software used for fake customer support calls
The syndicate offered technical support and customization to clients, creating a professional service model for criminals. Researchers linked the group to over 250 fraudulent websites and at least nine active malware families.
International Reach and Impact
Though based in Spain, GXC Team tools reached victims worldwide. Law enforcement agencies in the United States, Brazil, and the United Kingdom are analyzing evidence seized during the operation. Authorities believe the group enabled thousands of online fraud campaigns and identity theft cases.
The takedown highlights growing collaboration between law enforcement and cybersecurity firms. It also demonstrates how cybercriminal operations increasingly resemble commercial businesses, complete with marketing, customer support, and subscription models.
Final Thoughts
The dismantling of GXC Team represents a significant blow to Europe’s cybercrime ecosystem. However, experts warn that similar crime-as-a-service groups could emerge using the same tactics. As investigators trace affiliates and clients, authorities continue to monitor the dark web for rebranded operations. The case underlines the need for constant vigilance and cross-border cooperation in the fight against digital crime.
