GoPix banking Trojan targeting Brazilian financial institutions

Pulse ID: 69bb25e552bba70d1650edb9
Pulse Link: https://otx.alienvault.com/pulse/69bb25e552bba70d1650edb9
Pulse Author: Tr1sa111
Created: 2026-03-18 22:23:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #CyberSecurity #GoPIX #InfoSec #OTX #OpenThreatExchange #Trojan #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

How to uncover a Horabot campaign and detect this malware

This report details the discovery and analysis of a Horabot malware campaign targeting primarily Mexican users. The attack chain begins with a fake CAPTCHA page leading to multiple stages of obfuscated scripts, ultimately delivering an AutoIT loader and a Delphi-based banking Trojan. The malware employs sophisticated encryption techniques, anti-VM checks, and a custom protocol for C2 communication. It also includes a spreader component written in PowerShell that harvests and exfiltrates email addresses to distribute phishing emails. The analysis reveals Brazilian Portuguese comments in the code, suggesting the threat actor's origin. The report provides detection opportunities including YARA rules and hunting queries to identify this threat.

Pulse ID: 69ba893ac080b945c5abb563
Pulse Link: https://otx.alienvault.com/pulse/69ba893ac080b945c5abb563
Pulse Author: AlienVault
Created: 2026-03-18 11:15:06

#Autoit #Bank #BankingTrojan #Brazil #CAPTCHA #CyberSecurity #Delphi #Email #Encryption #InfoSec #Malware #Mexican #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Trojan #bot #AlienVault

GoPix banking Trojan targeting Brazilian financial institutions

GoPix is an advanced persistent threat targeting Brazilian financial institutions and cryptocurrency users. It uses memory-only implants and obfuscated PowerShell scripts, evolving from previous RAT and ATS threats. The malware employs sophisticated techniques, including malvertising via Google Ads, man-in-the-middle attacks, and monitoring of Pix transactions and Boleto slips. GoPix bypasses security measures, maintains persistence, and uses robust cleanup mechanisms. It leverages multiple obfuscation layers and a stolen code signing certificate to evade detection. The threat actors carefully select victims, including financial bodies of state governments and large corporations, using legitimate anti-fraud services for targeted delivery.

Pulse ID: 69b81e54cf83df8f4401d65d
Pulse Link: https://otx.alienvault.com/pulse/69b81e54cf83df8f4401d65d
Pulse Author: AlienVault
Created: 2026-03-16 15:14:28

#Bank #BankingTrojan #Brazil #CyberSecurity #GoPIX #Google #GoogleAds #Government #InfoSec #Malvertising #Malware #OTX #OpenThreatExchange #PowerShell #RAT #SMS #Trojan #bot #cryptocurrency #AlienVault

New Rust Based VENON Malware Steals Banking Credentials

New banking malware called VENON targets Windows computers. The malware works similarly to other banking trojans like Grandoreiro, Mekotio and Coyote.

Pulse ID: 69b5d746268d5e99c53cd2b9
Pulse Link: https://otx.alienvault.com/pulse/69b5d746268d5e99c53cd2b9
Pulse Author: cryptocti
Created: 2026-03-14 21:46:46

#Bank #BankingTrojan #Coyote #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Rust #Trojan #Windows #bot #cryptocti

BeatBanker: both banker and miner for Android

BeatBanker is a sophisticated Android malware campaign targeting Brazil. It spreads through phishing attacks using a fake Google Play Store website. The malware combines a cryptocurrency miner and a banking Trojan capable of hijacking devices and overlaying screens. It employs creative persistence mechanisms, including playing an inaudible audio loop. BeatBanker monitors device status, disguises itself as legitimate apps, and targets cryptocurrency transactions on Binance and Trust Wallet. Recent variants have replaced the banking module with the BTMOB remote administration tool, expanding its capabilities. The threat demonstrates advanced evasion techniques, uses Firebase Cloud Messaging for command and control, and targets multiple browsers for data collection. Victims are primarily located in Brazil, with some samples spreading via WhatsApp.

Pulse ID: 69b00dee760ddbc37285d8c3
Pulse Link: https://otx.alienvault.com/pulse/69b00dee760ddbc37285d8c3
Pulse Author: AlienVault
Created: 2026-03-10 12:26:22

#Android #Bank #BankingTrojan #Binance #Brazil #Browser #Cloud #CyberSecurity #ELF #Google #GooglePlay #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Rust #SMS #Trojan #WhatsApp #bot #cryptocurrency #AlienVault

🚨 Alert: The new #EternidadeStealer is using WhatsApp to spread malicious files to steal banking and crypto data from users. Watch out and don’t open unexpected attachments, plus verify messages from contacts.

Read: https://hackread.com/eternidade-stealer-whatsapp-steal-banking-data/

#CyberSecurity #Malware #WhatsApp #BankingTrojan #InfoSec

New Eternidade Stealer Uses WhatsApp to Steal Banking Data

📰 Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

🤖 New "Herodotus" Android banking trojan mimics human typing to bypass biometric security! Sold as MaaS, it takes over devices to steal from banking & crypto apps. Active in Italy & Brazil. #Android #Malware #BankingTrojan #MobileSecurity

🔗 https://cyber.netsecops.io/articles/herodotus-android-malware-mimics-human-typing-to-evade-detection/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

The Herodotus Android banking trojan, a new MaaS offering, evades behavioral biometric detection by mimicking human typing patterns to conduct fraudulent transactions.

CyberNetSec.io

Android malware alert: Mobdro Pro IP TV + VPN installs Klopatra banking Trojan, compromising devices and banking credentials.

More info: https://www.technadu.com/fake-vpn-spreads-malware-targeting-android-banking-accounts/611164/

#AndroidSecurity #CyberSecurity #BankingTrojan #MobileSecurity #VPN #TechNadu

ERMAC V3.0's source code leak reveals a crafty banking trojan overlaying fake forms on trusted apps—and its glaring vulnerabilities could reshape cyber defenses. How safe are your apps?

https://thedefendopsdiaries.com/unveiling-ermac-v30-a-deep-dive-into-the-android-malware-source-code-leak/

#ermacv3
#androidmalware
#cybersecurity
#bankingtrojan
#malwareanalysis

Unveiling ERMAC V3.0: A Deep Dive into the Android Malware Source Code Leak

Explore the ERMAC V3.0 Android malware leak, revealing its sophisticated banking trojan tactics and infrastructure vulnerabilities.

The DefendOps Diaries