216.73.217.24

The trojan horse that wanted to fly

· Published 02/09/2024 16:18 · Modified 02/09/2024 16:40

Export JSON

Essential information

Published
02/09/2024 16:18
Modified
02/09/2024 16:40
Tags
2024-09-02 banking trojan brazil device takeover ermac hook keylogging mobile malware phishing remote access rocinante
Related entities
4 observables, 1 intrusion sets (apt), 1 malware, 2 others

Description

is a new strain of originating from , capable of , stealing PII through , and performing . It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication. The malware is distributed via websites posing as security updates or banking apps. 's features include , screens, data exfiltration, and remote actions. The malware shows influence from /, indicating a shift in LATAM cybercriminals' interests. poses a significant risk to banking customers, potentially leading to unauthorized transfers and account draining.

External references