                                      Netskope Threat Labs Report: Brazil 2025

                                      The 2025 Netskope Threat Labs Brazil report highlights malware distribution via trusted cloud platforms, the rise of generative AI in the workplace, and the growing risk of data exposure through unapproved apps.

                                      In this report

                                      Brazilian organizations face growing cybersecurity challenges as malware spreads through popular cloud services, generative AI becomes a common workplace tool, and sensitive data leaks through unapproved platforms. This report examines the top trends shaping the threat landscape in Brazil, which include:

                                      Malware distribution: OneDrive is the most abused cloud platform for malware in Brazil, with 13% of organizations reporting monthly encounters. Other top platforms include GitHub, Google Drive, and Amazon S3.

                                      Phishing: Banking and cloud services are the top targets in phishing campaigns. Microsoft 365 remains the most impersonated app, followed by Adobe and Yahoo.

                                      Data policy violations: 62% of incidents involve unauthorized uploads of regulated data, with source code (18%) as the next most common category. These trends intensify with personal app usage, where regulated data violations rise to 73%.

                                      GenAI usage: 96% of organizations in Brazil use genAI tools, with personal account usage dropping from 80% to 63% during the last year. Organization-managed genAI app usage has increased from 13% to 31%, while just 6% of companies use both managed and personal accounts.

                                       


                                      Malware downloads

                                      Malware distribution via cloud apps

                                      Threat actors often select malware hosting locations with strategic intent, which makes hosting an integral component of broader social engineering campaigns. They commonly abuse widely trusted platforms, particularly popular cloud-based applications, knowing that the inherent trust in these services increases the likelihood that recipients will engage with malicious content and ultimately deploy ransomware, infostealers, or JavaScript downloaders. Although malware is disseminated through a wide array of platforms, the following analysis focuses on the four most frequently used services, based on the prevalence of malware downloads among organizations in Brazil.

                                      Over the past year, OneDrive was the most used platform for malware distribution, with 13% of organizations in Brazil reporting monthly encounters with malicious downloads originating from the service. OneDrive’s continued prevalence in malware delivery is likely due to its widespread use within organizations and the inherent trust users place in Microsoft services, which adversaries exploit to bypass detection.

                                      Trailing Microsoft OneDrive are GitHub, Google Drive, and Amazon S3, platforms that are deeply embedded in enterprise operations and present attractive targets for malicious actors. While all of these providers actively monitor for and work to remove harmful content, the efficacy of any given malware campaign often hinges on the speed at which the content propagates relative to the platform’s response in eliminating it.

                                      2025 Netskope Threat Labs Brazil - Top apps for malware downloads in Brazil

                                       

                                      Phishing

                                      Cloud app phishing

                                      Phishing attacks typically involve tactics such as creating fraudulent login pages, deploying reverse proxy tools to capture authentication details, or crafting deceptive applications designed to trick users into granting access. Despite the implementation of mandatory security awareness training in many organizations, a significant number of users continue to engage with phishing links. This threat persists due to attackers’ growing ability to craft highly deceptive and convincing baits that abuse user trust and routine behaviors.

                                      Among the brands most frequently used in phishing campaigns in Brazil, banking stands out. Attackers use banking baits to conduct fraud, steal sensitive account details, or intercept financial transactions. Cloud services follow closely behind, with threat actors often seeking to harvest login credentials that can be sold on underground marketplaces or used to conduct business email compromise, exfiltrate data, or escalate access within an organization. Social media platforms also remain common targets, exploited by seemingly less sophisticated attackers for scams and malware distribution, or by more advanced threat actors for spreading disinformation and harvesting social data.

                                      2025 Netskope Threat Labs Brazil - Top phishing targets by links clicked in Brazil

                                      Among the impersonated brands used in phishing campaigns, Microsoft is by far the most commonly targeted, particularly in services like Microsoft Live and 365. Attackers also frequently spoof Adobe apps and Yahoo login pages, focusing directly on harvesting user credentials. Meanwhile, phishing pages mimicking Adobe and Yahoo operate slightly differently, leveraging trusted brand imagery to collect credentials not just for those services, but for a broader range of accounts. These pages often include an “other” option, encouraging users to input any email and password combination, with Microsoft 365 frequently being the ultimate target.

                                      Given Microsoft’s dominance in the productivity space, it is unsurprising that phishing attempts impersonating Microsoft products account for a plurality of user interactions with phishing links.

                                      2025 Netskope Threat Labs Brazil - Top cloud phishing targets by links clicked in Brazil

                                       

                                      Data policy violations

                                      Data policy violations in cloud apps

                                      In Brazil, the most frequent type of data policy violation involves the unauthorized upload of regulated data to websites or cloud services not managed by the organization. Regulated data represents the majority of these incidents, accounting for 62% of all recorded violations. Source code follows as the second most common category, comprising 18% of violations. These trends underscore the critical need for enhanced data protection protocols and comprehensive employee training to prevent the inadvertent exposure of sensitive or proprietary information through unapproved platforms.

                                      2025 Netskope Threat Labs Brazil - Type of data policy violations in Brazil

                                      A closer examination of data policy violations involving personal applications reveals that the overall pattern remains largely consistent, with regulated data continuing to account for the majority of incidents. Notably, the proportion of violations involving regulated data has increased from 62% to 73%, reinforcing the persistent risk of users uploading sensitive information to unapproved personal cloud services. Source code also remains a significant category, maintaining its share of 18% of total violations. These findings emphasize the ongoing need for organizations to monitor data movement across personal applications and enforce strict controls to safeguard regulated information.

                                      2025 Netskope Threat Labs Brazil - Data policy violations for personal apps in Brazil

                                       

                                      GenAI usage

                                      GenAI organizational adoption and usage trends

                                      GenAI adoption is now widespread across Brazil, with 96% of organizations actively using cloud-based genAI applications in their operations. This reflects a strong national shift toward integrating generative AI into business workflows. During the same period, the use of personal genAI accounts has dropped significantly, from 80% to 63%, possibly indicating a growing preference for more secure, organization-managed solutions. The proportion of users accessing organization-managed genAI applications has risen notably, from 13% to 31%, highlighting increased emphasis on governance and data protection, while the usage of both personal and managed accounts remains constant at 6%. As this trend continues, Brazilian organizations must prioritize secure, enterprise-grade genAI platforms to stay competitive while ensuring compliance and managing risk effectively.

                                      GenAI usage personal vs. organization account breakdown in Brazil

                                      Most used GenAI apps

                                      The top 10 genAI apps used by Brazilian organizations are similar to global trends, with the following highlights:

                                      • ChatGPT is by far the most widely used genAI app in Brazil, in use in 85% of organizations.
                                      • Google Gemini is steadily gaining traction as a leading alternative to ChatGPT.

                                      The remainder of the top 10 is a range of domain-specific and embedded AI tools.

                                      2025 Netskope Threat Labs Brazil - Most popular genAI apps based on the percentage of orgs using those apps in Brazil

                                      GenAI app usage and data policy violations

                                      As genAI applications see widespread adoption across Brazil, and globally, many organizations are turning to data loss prevention (DLP) tools to address the growing security risks associated with their use. A significant portion of the sensitive data shared with genAI platforms includes source code, regulated data, and other confidential business information. Notably, 44% of data policy violations involving genAI apps are tied to exposed source code, highlighting a major area of concern for developers and security teams alike.

                                      This trend isn’t unique to Brazil; similar patterns are emerging worldwide, as genAI tools become deeply embedded in software development and daily workflows. While these tools offer clear gains in productivity and efficiency, they also introduce new risks of data leakage. To use genAI safely, organizations must strike the right balance between leveraging its capabilities and enforcing strong data governance to protect critical assets.

                                      2025 Netskope Threat Labs Brazil - Type of data policy violations for genAI apps in Brazil

                                      Shadow AI


                                      2025 Netskope Threat Labs Brazil - Type of policy violations for personal genAI apps in Brazil

                                      Most blocked genAI apps

                                      While the specific genAI apps being blocked may vary by organization, those with consistently high block rates, like the ones listed below, should encourage IT and security teams to evaluate their presence across their own environments. This also presents a timely opportunity to review controls for entire categories of genAI tools. AiChatting currently ranks as the most commonly blocked genAI app, with 46% of organizations in Brazil blocking it, followed by Tactiq, Pixlr, and Poe AI. These apps are often restricted due to concerns around data privacy, lack of enterprise-grade features, or misalignment with internal policies. The overall trend shows that organizations increasingly use block policies not just for risk mitigation, but to steer users toward approved tools that meet security and compliance standards.

                                      2025 Netskope Threat Labs Brazil - Most blocked AI apps by percentage of organizations enacting a blanket ban on the app in Brazil

                                      Recommendations

                                      With the growing use of generative AI tools (both managed and personal), alongside the rise in phishing tactics and the misuse of personal cloud apps, strengthening visibility, refining policies, and prioritizing proactive defenses will be key to staying protected in this fast-changing threat landscape.

                                      Based on the trends highlighted in this report, Netskope Threat Labs urges organizations in Brazil to re-evaluate their overall security strategies and ensure they are equipped to handle the evolving risks associated with genAI adoption. We recommend that organizations:

                                      • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to downloads from all categories and applies to all file types.
                                      • Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
                                      • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
                                      • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present higher risk, like newly observed and newly registered domains.

                                       

                                      Netskope Threat Labs

                                      Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DefCon, BlackHat, and RSA.

                                       

                                      About This Report

                                      Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

                                      The statistics in this report are based on the period from April 1, 2024, through April 31, 2025. Stats reflect attacker tactics, user behavior, and organization policy.
