Bicho_curioso.rar

Sends stolen data back to the attacker’s server via encrypted HTTP or FTP channels.

5. Indicators of Compromise (IoCs)

Filenames: Bicho_curioso.rar, Bicho_curioso.exe, Bicho.exe.

Delete the .rar file and any extracted contents. Do not move them to the Recycle Bin; use Shift + Delete.

Captures keystrokes to steal credentials and private messages.

Highly localized to Portuguese-speaking regions, specifically Brazil, where banking Trojans are a prevalent threat [3, 4].

3. Execution Chain