Security News > 2023 > May > ‘Operation Magalenha’ targets credentials of 30 Portuguese banks
A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called 'Operation Magalenha.
The attackers use many methods to distribute their malware to targets, including phishing emails pretending to come from Energias de Portugal and the Portuguese Tax and Customs Authority, social engineering, and malicious websites that mimic these organizations.
In all cases, the infection begins with the execution of an obfuscated VB script that fetches and executes a malware loader, which in turn loads two variants of the 'PeepingTitle' backdoor onto the victim's system following a five-second delay.
The analysts explain that the purpose of those scripts is to distract the users while malware is downloaded and to steal their EDP and AT credentials by directing them to the corresponding fake portals.
PeepingTitle is a Delphi-written malware with a compilation date of April 2023, which Sentinel Labs believes was developed by a single person or team.
Sentinel Labs has noticed several cases where the threat actors demonstrated the ability to overcome operational hurdles since the beginning of Operation Magalenha.