Attention Android users: A new form of malware is posing as a banking app and targeting mobile banking users in Brazil. The Rocinante malware, as reported by TechRadar and cybersecurity researchers ThreatFabric, is being spread through phishing emails disguised as banking or corporate applications.
Once installed, Rocinante requests various permissions, including the Accessibility Service permission typically reserved for system applications. If granted, the malware can steal sensitive data, such as banking login information and passwords, by displaying fake login pages. It then sends the stolen data to a Telegram bot accessible to hackers.
To protect yourself, be cautious of suspicious emails and only download applications from trusted sources like the Google Play Store. Additionally, avoid granting Accessibility Service permissions to unknown applications.
Security experts warn that these attacks will likely continue, so users must remain vigilant and take proactive measures to safeguard their personal information.