Security News > 2023 > May > Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks

A Brazilian threat actor is targeting Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021.

PeepingTitle, like Maxtrilha, is written in the Delphi programming language and is equipped to grant the attacker full control over the compromised hosts as well as capture screenshots and drop additional payloads.

The attack chains begin with phishing emails and rogue websites hosting fake installers for popular software that are engineered to launch a Visual Basic Script responsible for executing a malware loader.

PeepingTitle monitors users' web browsing activity, and if a browser tab matching one of the target financial institutions is opened, it exfiltrates screen captures and stages further malware executables from a remote server.

"With the first PeepingTitle variant capturing the entire screen, and the second capturing each window a user interacts with, this malware duo provides the threat actor with a detailed insight into user activity," the researchers explained.

"Operation Magalenha indicates the persistent nature of the Brazilian threat actors," the researchers said.

News URL

https://thehackernews.com/2023/05/alert-brazilian-hackers-targeting-users.html