Cybersecurity researchers have uncovered a new campaign that targets Brazilian users with malicious browser extensions and remote access tools to steal banking authentication data. The attack involves phishing emails, malware-laden installers, and sophisticated persistence techniques, affecting numerous companies and individuals. #OperationPhantomEnigma #BrazilianBankingTrojan
Key points
- The campaign primarily targets Brazilian users through phishing emails disguised as invoices.
- Malicious extensions are installed via Windows Installer and Inno Setup files, executing JavaScript on targeted bank sites.
- The attacker infrastructure includes remote access tools like MeshCentral Agent and PDQ Connect Agent for control.
- Extensions identified in the attack have been removed from the Chrome Web Store but continue to operate elsewhere.
- The goal is to steal users' banking authentication tokens and potentially serve malicious QR codes or loading screens.
Read More: https://thehackernews.com/2025/06/malicious-browser-extensions-infect-722.html