{"id":24116,"date":"2026-04-12T08:00:00","date_gmt":"2026-04-12T11:00:00","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=24116"},"modified":"2026-04-10T11:41:15","modified_gmt":"2026-04-10T14:41:15","slug":"phishing-de-nova-geracao-compromete-executivos-e-burla-mfa","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2026\/04\/exploits\/phishing-de-nova-geracao-compromete-executivos-e-burla-mfa\/","title":{"rendered":"Next-generation phishing compromises executives and bypasses MFA"},
"content":{"rendered":"\n\n\n<p style=\"text-align: justify;\" data-section-id=\"suro75\" data-start=\"0\" data-end=\"73\"><strong>VENOM: the next-generation phishing that compromises executives and bypasses MFA<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"90\" data-end=\"461\">The evolution of cyber threats has shown a clear trend: attacks that are more targeted, quieter and highly effective. One of the most recent examples of this shift is the phishing campaign known as <strong data-start=\"313\" data-end=\"322\">VENOM<\/strong>, designed specifically to compromise the credentials of senior executives in corporate environments built on Microsoft 365.<\/p>\n<p style=\"text-align: justify;\" data-start=\"463\" data-end=\"707\">Unlike traditional campaigns, VENOM does not rely on deceiving users alone; it directly abuses legitimate authentication flows, which makes it a critical threat even for organizations with multi-factor authentication (MFA) enabled.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1tifd3e\" data-start=\"714\" data-end=\"772\"><strong>What VENOM is: high-precision Phishing-as-a-Service<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"774\" data-end=\"950\">VENOM is classified as a <strong data-start=\"817\" data-end=\"850\">PhaaS (Phishing-as-a-Service)<\/strong> platform, that is, a structured kit that lets operators launch sophisticated campaigns with ease.<\/p>\n<p style=\"text-align: justify;\" data-start=\"952\" data-end=\"990\">Its main characteristics include:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"992\" data-end=\"1206\">\n<li data-section-id=\"16v5tg2\" data-start=\"992\" data-end=\"1044\">\n<p>Closed platform (not publicly available)<\/p>\n<\/li>\n<li data-section-id=\"1pqlvuv\" data-start=\"1045\" data-end=\"1097\">\n<p>Full campaign-management interface<\/p>\n<\/li>\n<li data-section-id=\"1aoe4u7\" data-start=\"1098\" data-end=\"1147\">\n<p>Structured storage of tokens and sessions<\/p>\n<\/li>\n<li data-section-id=\"mp9fqc\" data-start=\"1148\" data-end=\"1206\">\n<p>Ability to scale highly personalized attacks<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"1208\" data-end=\"1393\">This approach illustrates the professionalization of cybercrime, in which complex tools are offered as a service to specialized operators.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1g66xgk\" data-start=\"1400\" data-end=\"1459\"><strong>Attack vector: highly targeted social engineering<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1461\" data-end=\"1602\">What sets VENOM apart is the precision of its attacks. Targets are not chosen at random; they are executives such as CEOs, CFOs and directors.<\/p>\n<p style=\"text-align: justify;\" data-start=\"1604\" data-end=\"1623\">The attacks include:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"1625\" data-end=\"1856\">\n<li data-section-id=\"1xpdf6d\" data-start=\"1625\" data-end=\"1681\">\n<p>Personalized e-mails with real corporate context<\/p>\n<\/li>\n<li data-section-id=\"1cd9zi2\" data-start=\"1682\" data-end=\"1750\">\n<p>Fake sharing notifications via Microsoft SharePoint<\/p>\n<\/li>\n<li data-section-id=\"8n41wx\" data-start=\"1751\" data-end=\"1795\">\n<p>Simulation of legitimate e-mail threads<\/p>\n<\/li>\n<li data-section-id=\"wv8ci9\" data-start=\"1796\" data-end=\"1856\">\n<p>Insertion of HTML noise to evade security filters<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"1858\" data-end=\"2052\">In addition, the attackers use <strong data-start=\"1892\" data-end=\"1929\">QR codes built from Unicode characters<\/strong>, a novel technique for avoiding detection by automated analysis tools.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1gr6ew4\" data-start=\"2059\" data-end=\"2114\"><strong>Attack chain: from click to full compromise<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2116\" data-end=\"2164\">The VENOM attack flow is highly structured:<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"sayoyz\" data-start=\"2166\" data-end=\"2194\"><strong>1. Initial engagement<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2195\" data-end=\"2271\">The user receives a convincing e-mail that simulates a shared document.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"182i8tq\" data-start=\"2273\" data-end=\"2310\"><strong>2. Smart redirection<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2311\" data-end=\"2390\">When the QR code is scanned, the victim passes through a verification page that filters out:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2392\" data-end=\"2441\">\n<li data-section-id=\"1vhbvb6\" data-start=\"2392\" data-end=\"2400\">\n<p>Bots<\/p>\n<\/li>\n<li data-section-id=\"ko75ub\" data-start=\"2401\" data-end=\"2414\">\n<p>Sandboxes<\/p>\n<\/li>\n<li data-section-id=\"mf4j2u\" data-start=\"2415\" data-end=\"2441\">\n<p>Analysis tools<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-section-id=\"1s62y9s\" data-start=\"2443\" data-end=\"2470\"><strong>3. Attack execution<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2471\" data-end=\"2549\">If validated as a real target, the user is directed to a fake page that:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2551\" data-end=\"2653\">\n<li data-section-id=\"wfcgol\" data-start=\"2551\" data-end=\"2583\">\n<p>Replicates the Microsoft login<\/p>\n<\/li>\n<li data-section-id=\"13ipf6c\" data-start=\"2584\" data-end=\"2624\">\n<p>Intercepts credentials in real time<\/p>\n<\/li>\n<li data-section-id=\"ztcnff\" data-start=\"2625\" data-end=\"2653\">\n<p>Captures session tokens<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-section-id=\"2eothl\" data-start=\"2655\" data-end=\"2676\"><strong>4. Persistence<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2677\" data-end=\"2792\">The attackers register devices or capture OAuth tokens, ensuring continued access even after a password change.<\/p>\n<p style=\"text-align: justify;\" data-start=\"2794\" data-end=\"2918\">This model turns a single login into <strong data-start=\"2837\" data-end=\"2879\">persistent access to the corporate account<\/strong>.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"h93eb8\" data-start=\"2925\" data-end=\"2975\"><strong>Advanced techniques: AiTM and Device Code Phishing<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2977\" data-end=\"3074\">VENOM stands out for its use of modern techniques that bypass traditional defense mechanisms:<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"2nyxf9\" data-start=\"3076\" data-end=\"3110\">Adversary-in-the-Middle (AiTM)<\/p>\n<ul style=\"text-align: justify;\" data-start=\"3111\" data-end=\"3222\">\n<li data-section-id=\"1x4dhj5\" data-start=\"3111\" data-end=\"3152\">\n<p>Intercepts authentication in real time<\/p>\n<\/li>\n<li data-section-id=\"1b8xwaz\" data-start=\"3153\" data-end=\"3190\">\n<p>Captures credentials and MFA codes<\/p>\n<\/li>\n<li data-section-id=\"1sbxki4\" data-start=\"3191\" data-end=\"3222\">\n<p>Enables session hijacking<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-section-id=\"1cwrpdl\" data-start=\"3224\" data-end=\"3248\">Device Code Phishing<\/p>\n<ul style=\"text-align: justify;\" data-start=\"3249\" data-end=\"3417\">\n<li data-section-id=\"swf3c1\" data-start=\"3249\" data-end=\"3306\">\n<p>Abuses Microsoft's legitimate authentication flow<\/p>\n<\/li>\n<li data-section-id=\"wa1odn\" data-start=\"3307\" data-end=\"3367\">\n<p>Tricks the user into authorizing a malicious device<\/p>\n<\/li>\n<li data-section-id=\"t2b7q4\" data-start=\"3368\" data-end=\"3417\">\n<p>Obtains valid tokens without needing a password<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"3419\" data-end=\"3555\">These techniques show that traditional MFA is no longer sufficient as the sole layer of protection.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"164uzli\" data-start=\"3562\" data-end=\"3598\"><strong>Evasion and operational sophistication<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"3600\" data-end=\"3646\">VENOM incorporates multiple layers of evasion:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"3648\" data-end=\"3878\">\n<li data-section-id=\"19cxohz\" data-start=\"3648\" data-end=\"3707\">\n<p>Use of URL fragments (not recorded in HTTP logs)<\/p>\n<\/li>\n<li data-section-id=\"osnpew\" data-start=\"3708\" data-end=\"3770\">\n<p>Redirection of non-target users to legitimate sites<\/p>\n<\/li>\n<li data-section-id=\"1jxcnjl\" data-start=\"3771\" data-end=\"3820\">\n<p>Infrastructure hosted on trusted services<\/p>\n<\/li>\n<li data-section-id=\"tecfxg\" data-start=\"3821\" data-end=\"3878\">\n<p>Hiding of sensitive data in invisible parameters<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"3880\" data-end=\"3980\">This combination drastically reduces the ability of traditional security systems to detect the attack.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1tgyt1t\" data-start=\"3987\" data-end=\"4031\"><strong>Corporate impact and strategic risks<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4033\" data-end=\"4100\">The compromise of executive accounts represents an elevated risk:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"4102\" data-end=\"4276\">\n<li data-section-id=\"1c6zix2\" data-start=\"4102\" data-end=\"4139\">\n<p>Access to strategic information<\/p>\n<\/li>\n<li data-section-id=\"1iaonxf\" data-start=\"4140\" data-end=\"4184\">\n<p>Possibility of financial fraud (BEC)<\/p>\n<\/li>\n<li data-section-id=\"1oq9bbx\" data-start=\"4185\" data-end=\"4229\">\n<p>Compromise of corporate decisions<\/p>\n<\/li>\n<li data-section-id=\"qi9fkx\" data-start=\"4230\" data-end=\"4276\">\n<p>Lateral movement within the organization<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"4278\" data-end=\"4408\">Moreover, targeted attacks significantly increase the success rate, because they exploit trust and organizational context.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"qjwjy0\" data-start=\"4415\" data-end=\"4452\"><strong>Lessons for modern cybersecurity<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4454\" data-end=\"4524\">The VENOM campaign reinforces fundamental changes in the defense paradigm:<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"g93rrr\" data-start=\"4526\" data-end=\"4560\"><strong>1. MFA is no longer enough<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4561\" data-end=\"4622\">Modern attacks are able to bypass multi-factor authentication.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"cayui8\" data-start=\"4624\" data-end=\"4662\"><strong>2. Identity is the new perimeter<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4663\" data-end=\"4721\">Protection must focus on identity, session and behavior.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1eg3dsc\" data-start=\"4723\" data-end=\"4764\"><strong>3. Continuous training is essential<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4765\" data-end=\"4836\">Executives are priority targets and need training tailored to them.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1k9am01\" data-start=\"4838\" data-end=\"4880\"><strong>4. Token monitoring is critical<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4881\" data-end=\"4948\">Detection must go beyond passwords and include sessions and devices.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"h85oci\" data-start=\"4955\" data-end=\"4967\"><strong>Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4969\" data-end=\"5146\">VENOM represents a new stage in the evolution of phishing: highly targeted attacks that use advanced interception techniques and abuse legitimate authentication.<\/p>\n<p style=\"text-align: justify;\" data-start=\"5148\" data-end=\"5315\">By compromising the login process itself, and not just the credentials, attackers are able to establish persistence even in environments considered secure.<\/p>\n<p style=\"text-align: justify;\" data-start=\"5317\" data-end=\"5584\">This scenario demands an urgent change in the security approach, in which traditional controls must be complemented by more advanced strategies such as phishing-resistant authentication (FIDO2), behavioral analysis and strict Conditional Access policies.<\/p>\n<p style=\"text-align: justify;\" data-start=\"5586\" data-end=\"5733\">Modern cybersecurity can no longer rely on trust alone; it must be built on continuous verification and adaptive intelligence.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1bfeuhi\" data-start=\"5740\" data-end=\"5769\"><strong>References<\/strong><\/p>\n<ul data-start=\"5771\" data-end=\"6271\">\n<li data-section-id=\"1wsfafd\" data-start=\"5771\" data-end=\"6003\"><strong>CaveiraTech.<\/strong> <em data-start=\"5787\" data-end=\"5867\">Novo ataque de phishing VENOM rouba logins do Microsoft de executivos seniores<\/em>. Available at: <a class=\"decorated-link\" href=\"https:\/\/caveiratech.com\/post\/novo-ataque-de-phishing-venom-rouba-logins-do-microsoft-de-executivos-seniores-6246017\" target=\"_blank\" rel=\"noopener\" data-start=\"5886\" data-end=\"6001\">https:\/\/caveiratech.com\/post\/novo-ataque-de-phishing-venom-rouba-logins-do-microsoft-de-executivos-seniores-6246017<\/a><\/li>\n<li data-section-id=\"1dso47s\" data-start=\"6005\" data-end=\"6271\"><strong>Bleeping Computer.<\/strong> <em data-start=\"6027\" data-end=\"6097\">New VENOM phishing attacks steal senior executives&#8217; Microsoft logins<\/em>. Available at: <a class=\"decorated-link cursor-pointer\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins\/\" target=\"_blank\" rel=\"noopener\" data-start=\"6116\" data-end=\"6231\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins\/<\/a><\/li>\n<\/ul>\n\n\n","protected":false},
"excerpt":{"rendered":"<p>VENOM: the next-generation phishing that compromises executives and bypasses MFA The evolution of cyber threats has shown a clear trend: attacks that are more targeted, quieter and highly effective. One of the most recent examples of this shift is the phishing campaign known as VENOM, designed specifically to compromise the credentials of senior executives in [&hellip;]<\/p>\n","protected":false},
"author":2,"featured_media":24120,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-24116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],
"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=24116"}],"version-history":[{"count":1,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24116\/revisions"}],"predecessor-version":[{"id":24119,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24116\/revisions\/24119"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/24120"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=24116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=24116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=24116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}