Rocinante Trojan steals sensitive data from Brazilian Android banking app users

TLDR:

  • Rocinante Trojan targets Brazilian Android users and poses as banking apps to steal sensitive data.
  • The malware is capable of keylogging, phishing, and device takeover.

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. This malware family is capable of performing keylogging using the Accessibility Service, stealing PII through phishing screens posing as different banks, and performing device takeover by leveraging accessibility service privileges. The malware targets prominent financial institutions and is distributed via phishing sites that trick users into installing fake dropper apps. The harvested information is exfiltrated to a Telegram bot. Source code analysis has linked Rocinante to an operator who has developed similar malware strains in the past. This development comes amidst other malware campaigns targeting Spanish and Portuguese-speaking regions, as well as the emergence of “extensionware-as-a-service” designed to steal sensitive information from users in the Latin American region.
