Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

September 3, 2024 at 06:48AM

A new Android banking trojan named Rocinante targets mobile users in Brazil, capable of keylogging and stealing personal information from victims. The malware can masquerade as various banking apps and is linked to a threat actor known as DukeEugene. Symantec also highlighted a banking trojan campaign targeting Spanish and Portuguese-speaking regions. Additionally, a new “extensionware-as-a-service” targeting Latin American users has emerged.

The key takeaways from the report are:

1. A new Android banking trojan named Rocinante is targeting mobile users in Brazil. It is capable of keylogging, stealing PII through phishing screens, and device takeover using the Accessibility Service.
2. Prominent targets of the malware include financial institutions such as Itaú Shop and Santander, with phony apps masquerading as Bradesco Prime and Correios Celular.
3. The malware is internally called Pegasus (or PegasusSpy) and is believed to be the work of a threat actor dubbed DukeEugene, known for similar malware strains such as ERMAC, BlackRock, Hook, and Loot.
4. Rocinante is mainly distributed via phishing sites aiming to trick users into installing counterfeit dropper apps and establishes contact with a command-and-control (C2) server to await further instructions.
5. The harvested personal information is exfiltrated to a Telegram bot, and the development comes as Symantec highlighted another banking trojan malware campaign targeting Spanish and Portuguese-speaking regions.
6. There is also mention of a new “extensionware-as-a-service” that was advertised for sale through a new version of the Genesis Market, designed to steal sensitive information from users in the Latin American region using malicious web browser extensions.
7. The activity targeting Mexico and other LATAM nations has been attributed to an e-crime group named Cybercartel, offering these types of services to other cybercriminal crews.

This summarizes the main points of the report regarding the malware campaign and related activities.