20+ Brazilian Government Websites Hijacked to Distribute PhantomEnigma Malware
More than 20 Brazilian government websites were hijacked to distribute the PhantomEnigma malware campaign, leveraging trusted .gov.br infrastructure for phishing attacks and modular backdoor delivery. The attack chain uses compromised government hosts, authenticated emails, and patched applications to evade detection and steal credentials from banks and public agencies.
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions.
The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaign
*** END OF TRANSMISSION ***