Bicho_curioso.rar Apr 2026

It monitors the user's browser for specific banking URLs. When a bank site is visited, the malware overlays a fake login screen to harvest usernames, passwords, and 2FA codes.

Unexpected entries in Run or RunOnce folders. Bicho_curioso.rar

The malware creates registry keys (e.g., in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ) to ensure it restarts whenever the computer boots. It monitors the user's browser for specific banking URLs

Run a full system scan using reputable anti-malware software updated with the latest definitions. particularly targeting users in Brazil [2

The file (Portuguese for "curious bug/critter") is a known malicious archive historically used in email phishing campaigns , particularly targeting users in Brazil [2, 3].