
Brazilian Hackers Concentrating on Customers of Over 30 Portuguese Banks

by crpt os


May 25, 2023 | Ravie Lakshmanan | Financial Security / Cyber Threat

A Brazilian threat actor is targeting Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021.

“The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain,” SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a new report shared with The Hacker News.

The cybersecurity firm, which began tracking “Operation Magalenha” earlier this year, said the intrusions culminate in the deployment of two variants of a backdoor called PeepingTitle so as to “maximize attack potency.”

The links to Brazil stem from the use of the Brazilian-Portuguese language within the detected artifacts as well as source code overlaps with another banking trojan known as Maxtrilha, which was first disclosed in September 2021.

PeepingTitle, like Maxtrilha, is written in the Delphi programming language and is equipped to grant the attacker full control over the compromised hosts as well as capture screenshots and drop additional payloads.

The attack chains begin with phishing emails and rogue websites hosting fake installers for popular software that are engineered to launch a Visual Basic Script responsible for executing a malware loader. The loader subsequently downloads and executes the PeepingTitle backdoors.

PeepingTitle monitors users’ web browsing activity, and if a browser tab matching one of the target financial institutions is opened, it exfiltrates screen captures and stages further malware executables from a remote server.

This is achieved by comparing the window title to a predefined set of strings related to targeted organizations, but not before transforming it into a lowercase string sans any whitespace characters.
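For responders scoping exposure, the normalization described above can be replayed over window-title telemetry to see which hosts had sessions that would have met the match condition. This is an added example, not code from the SentinelOne report or from the malware; the target strings, host names and log format are constructed placeholders, and substring matching is an assumption, since the article only says the title is compared to a set of strings.

```python
import re
from collections import defaultdict

# Constructed placeholders; real strings would come from the analyzed sample.
TARGET_STRINGS = ["examplebanco", "bancodemo"]

# Constructed telemetry: timestamp<TAB>host<TAB>foreground window title
SAMPLE_EVENTS = """\
2023-05-02T09:14:03\tWS-014\tExample Banco - Login - Mozilla Firefox
2023-05-02T09:15:40\tWS-014\tInbox (3) - Mail
2023-05-02T10:02:11\tWS-022\tBANCO  DEMO | Conta - Google Chrome
2023-05-02T10:05:57\tWS-031\tQuarterly report.xlsx - Excel
"""


def normalize(title: str) -> str:
    """Lowercase the title and drop all whitespace, as the article describes."""
    return re.sub(r"\s+", "", title.lower())


def matching_targets(title: str, targets=TARGET_STRINGS) -> list:
    """Return the target strings found in the normalized title (assumed substring match)."""
    norm = normalize(title)
    return [t for t in targets if t in norm]


def exposed_hosts(events_text: str) -> dict:
    """Map each host to the (timestamp, matched strings) events that meet the condition."""
    hits = defaultdict(list)
    for line in events_text.splitlines():
        if not line.strip():
            continue
        timestamp, host, title = line.split("\t", 2)
        matched = matching_targets(title)
        if matched:
            hits[host].append((timestamp, matched))
    return dict(hits)


if __name__ == "__main__":
    for host, events in exposed_hosts(SAMPLE_EVENTS).items():
        for timestamp, matched in events:
            print(f"{host} {timestamp} matched={','.join(matched)}")
```

Because whitespace and case are discarded before comparison, titles that differ only in spacing or capitalization map to the same match, so telemetry should be normalized the same way before it is searched.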


“With the first PeepingTitle variant capturing the entire screen, and the second capturing each window a user interacts with, this malware duo provides the threat actor with a detailed insight into user activity,” the researchers explained.

An important aspect of Magalenha is the shift from DigitalOcean and Dropbox in 2022 to Timeweb Cloud, a Russian cloud service provider that has a more lenient approach towards infrastructure abuse, for malware hosting and command-and-control.

“Operation Magalenha indicates the persistent nature of the Brazilian threat actors,” the researchers said. “These groups represent an evolving threat to organizations and individuals in their target countries and have demonstrated a consistent capacity to update their malware arsenal and tactics, allowing them to remain effective in their campaigns.”

“Their capacity to orchestrate attacks in Portuguese- and Spanish-speaking countries in Europe, Central, and Latin America suggests an understanding of the local financial landscape and a willingness to invest time and resources in developing targeted campaigns.”
