The trojan horse that wanted to fly

Sept. 2, 2024, 4:40 p.m.

Description

Rocinante is a new strain of Android banking malware originating from Brazil, capable of keylogging, stealing personally identifiable information (PII) through phishing screens, and performing device takeover. It targets customers of Brazilian banking institutions and uses a combination of Firebase Cloud Messaging, plain HTTP traffic, WebSocket connections, and the Telegram API for command-and-control communication. The malware is distributed through phishing websites posing as security updates or legitimate banking apps. Its feature set covers keylogging, overlay phishing screens, data exfiltration, and remote actions on the infected device. Rocinante shows clear influence from the Ermac/Hook family, indicating a shift in the interests of LATAM cybercriminals toward full device-takeover capabilities. It poses a significant risk to banking customers, potentially leading to unauthorized transfers and account draining.

Date

Published: Sept. 2, 2024, 4:18 p.m.

Created: Sept. 2, 2024, 4:18 p.m.

Modified: Sept. 2, 2024, 4:40 p.m.

Indicators


Attack Patterns

Rocinante

Additional Information

Finance

Brazil