Cybersecurity researchers have unveiled a new phishing campaign dubbed Operation Phantom Enigma, targeting Brazilian users since 2025. Attackers deploy malicious extensions for Chromium-based browsers through phishing emails disguised as invoices. These emails prompt users to download harmful files, which launch scripts designed to bypass security measures. The campaign has resulted in 722 downloads and affected 70 unique victim companies across multiple countries. The attackers aim to steal user authentication data, marking a significant escalation in cyber threats specifically targeting Brazilian online banking security.
Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack.
The attackers used a malicious extension for Google Chrome, Microsoft Edge, and Brave browsers, as well as Mesh Agent and PDQ Connect Agent.
Collection
[
|
...
]