The trojan horse that wanted to fly

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication. The malware is distributed via phishing websites posing as security updates or banking apps. Rocinante's features include keylogging, phishing screens, data exfiltration, and remote actions. The malware shows influence from Ermac/Hook, indicating a shift in LATAM cybercriminals' interests. Rocinante poses a significant risk to banking customers, potentially leading to unauthorized transfers and account draining.

OPENCTI LABELS:

phishing, brazil, banking trojan, keylogging, remote access, mobile malware, device takeover, hook, rocinante, ermac

