May 31, 2023

Researchers have identified that more than two dozen Portuguese banks have become victims of targeted hacking by threat actors from Brazil.

The campaign is dubbed Operation Magalenha. The hackers implant information-stealing malware to hijack credentials and user data, including personal information, and leverage it for malicious activities apart from financial gain.

The source code shares similarities with the Maxtrilha banking trojan, first discovered in 2021. It is written in the Delphi programming language and grants the hackers complete control over infected hosts, letting them capture screenshots and drop new payloads.

The attack starts with phishing emails and websites hosting bogus installers of popular software. Once a bogus installer is downloaded onto a device, it launches a Visual Basic Script, which executes the malware loader. This loader then downloads and executes the PeepingTitle backdoors. The backdoor starts monitoring users’ web browsing activities.

The backdoor quickly captures screenshots when a user accesses a financial institution’s website or logs into their account. It connects with the attacker’s remote server to launch new malware executables.

This campaign initially exploited cloud service providers such as Dropbox and DigitalOcean. But the hackers had to change course as these platforms tightened their security practices. Now, the hackers are relying on a Russian web hosting services provider, TimeWeb.

Both backdoors are simultaneously deployed, giving the hackers exceptional control over the compromised devices. Through PeepingTitle, attackers can track window interactions, terminate system processes, capture screenshots, and deploy data exfiltration tools and other malware.

Operation Magalenha indicates the persistent nature of Brazilian hackers and the evolving nature of their campaigns. Researchers wrote that Brazilian groups consistently update their malware tools and tactics, which is why their campaigns are so effective.

This research was documented by researchers from SentinelOne.

Indicators of Compromise

  • https[://]tinyurl.com/edpmobilecliente
  • https[://]tinyurl.com/dashboaraudicaofastaccoun
  • https[://]tinyurl.com/edpareaparticulares
  • https[://]tinyurl.com/miareapersonal
