The emails often claim to contain "curious" photos, "funny" videos, or urgent documents. The name "Bicho_curioso" (Curious Bug) is a psychological bait designed to bypass the user's caution through intrigue.
Disconnect the infected machine from the network immediately. Bicho_curioso.rar
Highly localized to Portuguese-speaking regions , specifically Brazil, where banking Trojans are a prevalent threat [3, 4]. 3. Execution Chain The emails often claim to contain "curious" photos,
The "Bicho_curioso.rar" file is a delivery vehicle for banking Trojans and info-stealers. Attackers leverage social engineering—using a title that piques curiosity—to trick users into downloading and executing the archive's contents. Once opened, it typically deploys malware designed to steal financial credentials and personal data. 2. Delivery and Social Engineering Primarily distributed via Phishing Emails (Spam). and 2FA codes.
It monitors the user's browser for specific banking URLs. When a bank site is visited, the malware overlays a fake login screen to harvest usernames, passwords, and 2FA codes.