Portuguese banks targeted by Brazilian hacker group
The hackers can steal credentials and exfiltrate users’ data and personal information, Sentinel Labs reported.
A Brazilian hacking group has been targeting 30 Portuguese financial institutions, both government and private, since 2021 in a malicious campaign known as Operation Magalenha. Targets include ActivoBank, Caixa Geral de Depósitos, CaixaBank, Citibanamex, Santander, Millennium BCP, ING, Banco BPI and Novobanco.
The campaign was uncovered in a report by Sentinel Labs. The report highlights the tools used by the threat actor, the different infection vectors and the methods used to distribute the malware. These include phishing emails claiming to be from Portuguese Energy and Tax and Customs authorities, social engineering and malicious websites impersonating these organisations. The infection, in all cases, starts with the execution of an obfuscated VB script that fetches and executes a malware loader. This, in turn, loads two variants of the ‘PeepingTitle’ backdoor onto the victim’s system after a delay of five seconds.
PeepingTitle is malware written in Delphi. It can log the victim’s screen, monitor Windows and user interactions, terminate processes on the host, modify its monitoring interval configuration on the fly and execute payloads from executable or DLL files. Since the beginning of Operation Magalenha, Sentinel Labs has observed a number of cases in which the threat actors have demonstrated their ability to overcome operational hurdles.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.