Cyberattacks in San Juan:
two companies lose over $200 million to Trojan virus

Two companies in San Juan suffer a cyberattack by Trojan virus

In recent hours, two companies in San Juan have fallen victim to cyberattacks with alarming consequences: over 200 million pesos were stolen through Trojan-type malware, a technique increasingly common in the world of cybercrime.

The affected firms, the distributor Rafael Moreno and the El Castaño clinic, suffered virtual thefts using a similar method, and all indications suggest they may be part of the same criminal network. The Cybercrime Prosecutor’s Unit is already investigating the cases.

How did the attack work?

In both cases, the attack began with the infection of the system through a malicious file, likely received via email. Once opened, the file installed a Trojan: a virus that remains hidden until it detects an active banking session.

When one of the users logged into the company’s bank account, the virus activated, froze the computer’s keyboard and mouse, and executed an automated script that transferred the funds to newly created bank accounts. The entire process lasted just a few minutes and occurred without direct human intervention, demonstrating the high level of automation and sophistication of these types of attacks.

In Rafael Moreno’s case, the loss exceeded $100 million. At El Castaño Clinic, the same thing happened, with a similar amount. In both cases, the banks were able to partially freeze the transfers, recovering around $40 million before the funds were fully withdrawn.

A repeating pattern

This type of scheme is not new, but it is on the rise. According to authorities, Trojan viruses are installed through PDF files, images, or other attachments that, once opened, trigger the infection process. The Trojan remains dormant until it detects access to banking platforms, at which point it initiates a series of actions that are nearly impossible to stop.

What’s most concerning is that the stolen funds don’t end up in easily traceable accounts. Instead, they are divided among multiple intermediary accounts, many of which are registered under the names of young individuals or foreigners with no connection to each other. Eventually, the money often ends up converted into cryptocurrency, where traceability becomes virtually nonexistent.

What now? The challenge of investigating this type of crime

As stated by prosecutor Pablo Martín, who is leading the case, most of these attacks do not originate within the country, which makes it difficult to act quickly. Added to this is the use of false or stolen identities, mule accounts, and decentralized value exchange platforms.

The Public Prosecutor’s Office pointed out that the banks’ systems failed to issue early alerts and emphasized the urgent need for stronger measures, such as temporary holds on suspicious transactions, to give institutions time to verify movements before they are completed.
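A sketch of the kind of temporary hold described above, added here as an example; it is not code from the article, the banks, or the prosecutor's office. It combines signals the article mentions (newly created beneficiary accounts, a burst of transfers within minutes); the thresholds, field names, and account identifiers are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
# Thresholds are assumptions for illustration, not values from the article or any bank.
NEW_ACCOUNT_AGE = timedelta(days=30)  # beneficiary counts as "newly created"
BURST_WINDOW = timedelta(minutes=10)  # the thefts completed within minutes
BURST_SHARE = 0.5                     # share of opening balance attempted in the window

@dataclass
class Transfer:
    ts: datetime
    payer: str
    beneficiary: str
    beneficiary_opened: datetime
    amount: int

def review_transfers(transfers, opening_balance, known_beneficiaries):
    """Return [(transfer, 'hold' | 'release', reasons)] in time order."""
    recent, out = defaultdict(list), []
    for t in sorted(transfers, key=lambda x: x.ts):
        reasons = []
        if t.ts - t.beneficiary_opened < NEW_ACCOUNT_AGE:
            reasons.append("beneficiary account newly created")
        if t.beneficiary not in known_beneficiaries.get(t.payer, set()):
            reasons.append("first payment to this beneficiary")
        # Attempted (not only completed) amounts in the window count toward the burst.
        recent[t.payer] = [r for r in recent[t.payer] if t.ts - r.ts <= BURST_WINDOW] + [t]
        if sum(r.amount for r in recent[t.payer]) >= BURST_SHARE * opening_balance[t.payer]:
            reasons.append("burst moves a large share of the balance")
        # Require two independent signals so one new supplier does not trigger a hold.
        out.append((t, "hold" if len(reasons) >= 2 else "release", reasons))
    return out

def constructed_sample():
    """Constructed data: two routine payments, then three rapid transfers to new accounts."""
    day = datetime(2024, 5, 6)
    old, new = datetime(2019, 1, 1), day - timedelta(days=3)
    at = lambda h, m: day.replace(hour=h, minute=m)
    transfers = [
        Transfer(at(9, 0), "payer-A", "supplier-1", old, 2_000_000),
        Transfer(at(10, 0), "payer-A", "supplier-2", old, 5_000_000),
        Transfer(at(11, 2), "payer-A", "acct-x1", new, 30_000_000),
        Transfer(at(11, 3), "payer-A", "acct-x2", new, 30_000_000),
        Transfer(at(11, 4), "payer-A", "acct-x3", new, 30_000_000),
    ]
    return transfers, {"payer-A": 120_000_000}, {"payer-A": {"supplier-1"}}

if __name__ == "__main__":
    print(*[(t.beneficiary, d, r) for t, d, r in review_transfers(*constructed_sample())], sep="\n")
```

A held transfer would be queued for out-of-band confirmation with the account holder rather than rejected outright.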

Authorities also stressed the importance of companies raising their cybersecurity standards, especially those that handle large amounts of money or sensitive information. Simple actions like avoiding opening files from unknown emails or using dedicated computers for financial operations can make a big difference.

What can we learn from this?

The incidents in San Juan are not isolated cases. They are a new warning sign for the Argentine business ecosystem, which often underestimates digital risks or lacks the resources to implement preventive solutions.

Investing in cybersecurity is an operational necessity. Today, the economic, reputational, and legal damage caused by a cyberattack far outweighs the cost of preventing it.

Moreover, these types of crimes highlight that security cannot rely solely on banks. It is a shared responsibility between the financial sector, the government, and every organization that uses digital systems for management or payments.

An urgent agenda for the private sector

In a context where more and more companies are shifting toward digitalization and remote work, securing access, monitoring abnormal behavior, and training teams in cybersecurity best practices is no longer optional. It’s strategic.

This time, San Juan was the epicenter of a case that could easily be repeated anywhere in the country. That’s why it’s essential to stop viewing these incidents as isolated exceptions and start understanding them as part of a real and ongoing threat, one that demands a structural response.

Heimdall Agency copyright © 2024. All rights reserved.