  +8615314183288               

Bicho_curioso.rar

It monitors the user's browser for specific banking URLs. When a bank site is visited, the malware overlays a fake login screen to harvest usernames, passwords, and 2FA codes.

Below is a technical analysis paper detailing the typical behavior, delivery, and impact associated with this specific threat.

Technical Analysis: Bicho_curioso.rar Malware Campaign

1. Executive Summary

The .rar archive contains an executable file, often disguised with a fake icon (e.g., a PDF or image icon) and a double extension (e.g., Bicho_curioso.jpg.exe).
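An added example, not part of the original analysis: a triage check that a mail gateway or analyst could run over the member names listed from an attachment archive to flag the double-extension disguise described above. The extension lists, function names and sample listing are assumptions constructed for illustration.

```python
import re

# Assumed extension lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx",
              "xls", "xlsx", "mp4", "avi", "txt"}


def normalize(name):
    """Reduce an archive member path to the lowercase basename Windows would use."""
    base = re.split(r"[\\/]", name)[-1]
    # Windows ignores trailing dots and spaces when resolving a file name.
    return base.rstrip(". ").lower()


def classify(name):
    """Return 'double-extension', 'executable' or 'ok' for one member name."""
    # Strip each dot-separated part so stray whitespace does not hide an extension.
    parts = [p.strip() for p in normalize(name).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A document or media extension directly before the real one is the disguise.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def triage(member_names):
    """Map every member name that is not 'ok' to its classification."""
    verdicts = {name: classify(name) for name in member_names}
    return {name: v for name, v in verdicts.items() if v != "ok"}


# Constructed sample listing, as produced by any archive tool's "list" command.
SAMPLE_LISTING = [
    "Bicho_curioso.jpg.exe",
    "fotos/Bicho_curioso.PDF .SCR",
    "documento.pdf",
    "setup.exe",
    "video.mp4.exe. ",
]

if __name__ == "__main__":
    for member, verdict in triage(SAMPLE_LISTING).items():
        print(f"{verdict:18} {member!r}")
```

Any executable inside an e-mailed archive deserves review; the "double-extension" verdict marks the members that are also named to look like a document or image.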

The file Bicho_curioso.rar (Portuguese for "curious bug/critter") is a known malicious archive historically used in email phishing campaigns, particularly targeting users in Brazil [2, 3].

The emails often claim to contain "curious" photos, "funny" videos, or urgent documents. The name "Bicho_curioso" (Curious Bug) is a psychological bait designed to bypass the user's caution through intrigue.

Upon execution, a Downloader or Dropper is initiated.
