Threats Tagged 'banking-stealer'
View all threats tagged with 'banking-stealer'. Filter and sort to focus on specific types of threats.
59 Victims, Zero Authentication: A ClickFix Campaign Force-Installs a Chrome Extension Banking Stealer and Leaves the Entire C2 Wide Open

A Brazilian banking fraud operation leveraging ClickFix social engineering was discovered through a community tip, exposing a completely unauthenticated command-and-control infrastructure. The campaign deploys a malicious Chrome extension masquerading as a Banco Central do Brasil tool, force-installed via Chrome Cloud Management enrollment tokens. The extension achieves zero antivirus detections while targeting eight Brazilian financial institutions. At investigation time, 59 machines were compromised with seven active connections. The operator's C2 server exposed all endpoints without authentication, including admin panels, live victim screenshots, stolen credentials in cleartext, and intercepted Pix payment data. Attribution was established through WHOIS records revealing the operator's real name, CPF, and email address. The operation specifically targeted Northern Brazilian regional banks and credit cooperatives, with evidence of compromising a school fund account.

AlienVault OTX General | 04/14/2026, 13:56:58 UTC | Added: 04/14/2026, 14:16:51 UTC