Security News
An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. The cybersecurity company attributed the campaign, dubbed Operation CMDStealer, to a Brazilian threat actor based on an analysis of the artifacts.
A Brazilian threat actor is targeting Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. PeepingTitle, like Maxtrilha, is written in the Delphi programming language and is equipped to grant the attacker full control over the compromised hosts as well as capture screenshots and drop additional payloads.
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS, enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Francesco Iubatti and Alessandro Strino said.
The threat actors behind the Windows banking malware known as Casbaneiro have been identified as being behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, as well as a highly capable Automated Transfer System engine," ThreatFabric said in a report published last week.
The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang. Other federal government portals targeted by the LAPSUS$ group in Brazil include the Ministry of Economy, Comptroller General of the Union, and the Federal Highway Police.
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said.
Fast Shop, one of Brazil's largest online retailers, has suffered an 'extortion' cyberattack that led to network disruption and the temporary closure of its online store. Fast Shop is an online retailer selling a wide range of products, including computers, smartphones, gaming consoles, furniture, beauty products, and home appliances.
Brazilian Supreme Federal Court Justice Alexandre de Moraes banned Telegram on Friday from operating in the country and asked the National Telecommunications Agency to notify internet providers to block the messaging app within five days. Although Telegram complied with some court orders to block accounts used to spread disinformation on its platform, the messaging platform failed to comply with points of the Court's decision, including providing registration information for the blocked accounts to Justice.
The RaidForums hacking forum has gone through a turbulent week, with its website now forced through a mirror domain after a government filed a legal request with their registrar. According to the RaidForums admin known as 'Omnipotent,' NameSilo received a report from a certain government and proceeded to deactivate the website owner's account immediately.
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of its computing systems on Friday night, right before the start of the weekend. "On Friday night a ransomware attack on the internal network of the National Treasury Secretariat was identified," the Brazilian government revealed on Saturday evening.