A recent cyber espionage campaign, dubbed “Operation Magalenha,” targeted Portuguese banks and institutions, as well as individuals in the private and government sectors, stealing their personal and financial information. Researchers from SentinelLabs have labeled it as one of the largest campaigns seen thus far, stressing its notable payload, “PeepingTitle,” a multifunctional backdoor written in the Delphi programming language used by Brazilian hackers. The campaign indicates a possible lack of discipline among the cybercriminals that are taking advantage of the loose cyber laws in the country, creating a messy ecosystem of threat actors.
Operation Magalenha adopted a scattershot approach, utilizing various methods, including phishing emails, fake app installers, and other forms of social engineering to lure targets into executing a malware loader. Once the malware had taken root, it would download PeepingTitle, which works by tracking and recording the websites that victims had visited. The backdoor then awakens, connects to a C2 server, takes screenshots, and potentially stages further malware. The attackers were indiscriminate in their first phase, targeting both personal and financial data from individuals and institutions, highlighting possible ulterior motives beyond simple financial theft.
PeepingTitle comes in two variants that have almost no meaningful difference between them besides the type of window captured by the malware. This evidence, alongside the cybercriminals’ experimentation with different infrastructure and the nuances of their information stealing, points to the fact that the hackers may not be well-planned or capable, raising questions about their long-term success in their cyber espionage campaigns.
Tom Hegel, senior threat researcher at SentinelOne, noted the need for greater reporting and awareness of cybersecurity issues in the region, which tends to be missed or underreported. He contends that better education and support for law enforcement are crucial toward addressing the problem in Brazil.
In sum, the “Operation Magalenha” campaign highlights the ongoing problem of cybercrime in Brazil and provides an opportunity to raise awareness for legislative and security measures aimed at curbing its impact on individuals and institutions alike. As the number of attacks multiplies, cybersecurity experts must remain vigilant and vigilant to track the changes in the tactics, techniques, and procedures used by cybercriminals, as well as continue to work together with law enforcement to thwart their efforts.