The insidious Trojan disguises itself as banking apps, stealing victims' last savings.
ThreatFabric researchers have recently documented the activity of a new Android malware targeting banking users in Brazil. Security experts have identified a new threat called Rocinante, which is a modern type of banking Trojan capable of taking control of the victim's device and stealing their personal data.
Rocinante, named after Don Quixote's horse, is designed to intercept input, mimic the interface of banking applications, and gain full access to the device through the use of Android accessibility privileges. The malware actively uses phishing screens to collect sensitive information, which is then transmitted to the attackers.
Despite its unique features, Rocinante is often confused with another well-known piece of spyware, Pegasus. Although the name Pegasus is also used internally by the creators of Rocinante, this software is not related to the well-known spyware tool from the NSO Group, designed to spy on journalists, activists and political figures. What sets Rocinante apart is its focus on financial gain through the compromise of users' banking data in Brazil.
Rocinante is distributed through phishing sites that offer to install malicious APK files under the guise of legitimate bank applications or security services. As soon as the user grants the application the necessary rights, the malware begins to record all actions on the device and send the received data to the attackers' servers.
A feature of Rocinante is its ability to dynamically change attack targets, which allows the same malicious code to be used against different financial institutions depending on the region. However, in the case of Brazil, the list of targets is hard-coded and includes the country's largest banking institutions, such as Bradesco, Itaú and Banco do Brasil.
In addition, Rocinante stands out for integrating code from another well-known malicious program, Ermac, which indicates the interest of Brazilian cybercriminals in using the developments of their foreign colleagues. However, despite the borrowings, Rocinante retains its uniqueness and danger, continuing to evolve and adapt to local conditions.
With its keylogging, phishing, and remote access capabilities, Rocinante poses a significant risk to banking customers, as their sensitive financial data, including account numbers, passwords, and transaction details, can be compromised. With this information at their disposal, attackers can initiate unauthorized transfers and empty bank accounts.
In addition, remote access allows attackers to maintain constant control of the device, monitor activity, and potentially manipulate transactions in real time, further increasing the financial risk for unsuspecting customers.
Experts warn about the need for increased caution when downloading applications and recommend checking the authenticity of the software before installing it. It is important to remember that attackers continue to look for new ways to deceive users, and Rocinante is just one example of how modern cyber threats can evolve and adapt to different conditions.
Source
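An added example, not part of the original post or of ThreatFabric's report: a triage check for the pattern the article describes, an app installed from outside an app store that holds Android accessibility privileges. It parses the output of two standard commands, `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the sample outputs, the `com.example.*` package names and the trusted-installer list are constructed assumptions.

```python
# Added defensive example; all sample data below is constructed, not from a real device.
import re

# Installers treated as trusted stores (assumption; adjust to your fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.seguranca/com.example.seguranca.Svc"
)

# Constructed output of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.seguranca  installer=null
package:com.example.notes  installer=null
"""

def parse_a11y_packages(raw):
    """Return package names owning enabled accessibility services."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: nothing enabled
        return []
    # Entries are colon-separated components of the form package/class.
    return [entry.split("/", 1)[0] for entry in raw.split(":") if entry]

def parse_installers(raw):
    """Map package name -> installer string reported by the package manager."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
    matches = (pattern.match(line.strip()) for line in raw.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def flag_sideloaded_a11y(a11y_raw, packages_raw):
    """List (package, installer) pairs that hold accessibility rights but were
    not installed by a trusted store. Preinstalled system apps can also report
    installer=null, so treat the result as a list to review, not a verdict."""
    installers = parse_installers(packages_raw)
    flagged = set()
    for pkg in parse_a11y_packages(a11y_raw):
        installer = installers.get(pkg, "unknown")
        if installer not in TRUSTED_INSTALLERS:
            flagged.add((pkg, installer))
    return sorted(flagged)

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"review: {pkg} (installer={installer}) has an accessibility service enabled")
```

The sideloaded `com.example.notes` is not flagged because it holds no accessibility service; the check targets the combination of both conditions.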