FRAUD across Latin America’s mobile-first digital banking ecosystem has accelerated, with social engineering, account takeovers and mobile-based attacks driving losses ahead of many other regions. Social engineering scams jumped 155% in 2025, while malware, remote-access fraud and stolen-device incidents climbed across the region, according to BioCatch.
Gaining access to a device allows fraudsters to trigger an attack chain that can lead to stolen funds, with banks in Mexico reporting a quadrupling of account takeover attacks in 2025 and the region as a whole seeing 1.6 times more attacks. The majority of users rely on Android devices, and the widespread availability of remote-access tools on Android drives a higher incidence of these scams, BioCatch’s findings indicate.
Late last year Chinese-speaking attackers targeted the region with a banking bot dubbed ToxicPanda, and in March an Android-based banking Trojan targeted Brazil’s Pix, fooling users into installing the program. April 8, 2026, Robert Lemos, Contributing Writer. According to BioCatch, the report emphasises a shift from targeting individual transactions to undermining authentication layers, suggesting a need for layered, collaborative defence beyond static signals.