Rocinante Trojan Poses as Banking Apps to Steal Data from Brazilian Android Users

SeniorTechInfo

Attention all mobile users in Brazil! A new malware campaign is targeting you, delivering the malicious Android banking trojan known as Rocinante. This insidious malware is not to be taken lightly – it can perform keylogging, steal personal information using phishing screens, and even take over your device completely. Stay vigilant!

According to Dutch security company ThreatFabric, Rocinante has been identified as a dangerous threat that poses as various banking apps such as Itaú Shop, Santander, Bradesco Prime, Correios Celular, and others. Be careful while downloading apps from unfamiliar sources!

Experts have also discovered that Rocinante shares similarities with the malicious PegasusSpy malware. This connection points towards a potential threat actor named DukeEugene behind the scenes, known for creating other malware strains like ERMAC, BlackRock, and Loot. The plot thickens…

Rocinante mainly spreads through phishing sites, enticing users to download fake dropper apps that then request accessibility service privileges. Once granted, the malware can intercept messages, serve phishing pages, and establish connections with command-and-control servers – leading to potential data theft and device compromise. Scary stuff!
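A defender triaging a sideloaded APK can check its decoded manifest for the combination described above: an accessibility service alongside message access or the ability to install further packages. The sketch below is an added example, not code from ThreatFabric or from this article; the permission heuristic, the verdict labels and both sample manifests are assumptions constructed for illustration and do not reproduce Rocinante's actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"

def triage_manifest(xml_text):
    """Return (verdict, findings) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A <service> guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    a11y = sorted(s.get(ANDROID + "name", "?") for s in root.iter("service")
                  if s.get(ANDROID + "permission") == BIND_A11Y)
    findings = {}
    if a11y:
        findings["accessibility_service"] = a11y
    if perms & SMS:
        findings["sms_access"] = sorted(perms & SMS)
    if INSTALL in perms:
        findings["installs_packages"] = [INSTALL]
    # Screen readers legitimately use accessibility; the combination is the signal.
    if a11y and len(findings) > 1:
        verdict = "high"
    elif a11y:
        verdict = "review"
    else:
        verdict = "low"
    return verdict, findings

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, *triage_manifest(doc))
```

The input is the text manifest produced by a decoder such as apktool; the binary manifest inside an APK has to be decoded first.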

Google has reassured Android users that Play Protect is actively guarding against this threat, even if apps are downloaded from non-Google sources. But the fight against malware continues, with other campaigns like the secureserver[.]net domain exploit and the genesis of extensionware-as-a-service looming on the horizon. Stay informed and secure!

