Bicho_curioso.rar
The .rar archive contains an executable file, often disguised with a fake icon (e.g., a PDF or image icon) and a double extension (e.g., Bicho_curioso.jpg.exe).
It monitors the user's browser for specific banking URLs. When a bank site is visited, the malware overlays a fake login screen to harvest usernames, passwords, and 2FA codes.
Unexpected entries in Run or RunOnce folders.
Highly localized to Portuguese-speaking regions, specifically Brazil, where banking Trojans are a prevalent threat [3, 4].
3. Execution Chain
Takes periodic screenshots of the desktop to capture sensitive information that might not be typed (e.g., virtual keyboards).