2023: How hackers have been robbing Portuguese banks for several years
On May 25, 2023, SentinelLabs revealed details of a prolonged cyber attack targeting customers of Portuguese financial institutions. As part of the so-called Operation Magalenha, attackers have been robbing victims since at least 2021.
The attack targets state, state-backed and private banks and other organizations. The analysis suggests that the campaign is organized by a Brazilian cybercriminal group. The attackers deploy two variants of a backdoor, collectively named PeepingTitle, on each attacked system. Based on the similarity of functions, experts conclude that these backdoors are part of a wider ecosystem of Brazilian financial malware, in particular the Maxtrilha family.
PeepingTitle backdoors are implemented in the Delphi programming language and have spyware capabilities. They provide criminals with complete control over infected machines, allowing them to perform actions such as monitoring application windows, taking unauthorized screenshots, terminating processes and deploying additional malware.
As a result, cybercriminals steal confidential information of a financial nature. Subsequently, the data obtained can be used to directly steal money or to organize phishing attacks and other fraudulent schemes. The attackers are said to be constantly adapting their tactics to the changing IT landscape, in particular by changing cloud service providers. The Brazilian hackers distribute the malware in a variety of ways: email, social engineering and malicious websites. The amount of damage caused was not disclosed.[1]