Captures keystrokes to steal credentials and private messages.
The emails often claim to contain "curious" photos, "funny" videos, or urgent documents. The name "Bicho_curioso" (Curious Bug) is a psychological bait designed to bypass the user's caution through intrigue.
Sends stolen data back to the attacker’s server via encrypted HTTP or FTP channels.

5. Indicators of Compromise (IoCs)

Filenames: Bicho_curioso.rar, Bicho_curioso.exe, Bicho.exe.
Disconnect the infected machine from the network immediately.
Unusual outbound traffic to unknown IP addresses, often hosted on low-cost VPS providers.

6. Remediation and Prevention
Below is a technical analysis paper detailing the typical behavior, delivery, and impact associated with this specific threat.

Technical Analysis: Bicho_curioso.rar Malware Campaign

1. Executive Summary
Takes periodic screenshots of the desktop to capture sensitive information that might not be typed (e.g., virtual keyboards).
The .rar archive contains an executable file, often disguised with a fake icon (e.g., a PDF or image icon) and a double extension (e.g., Bicho_curioso.jpg.exe).