Bicho_curioso.rar
Sends stolen data back to the attacker’s server via encrypted HTTP or FTP channels.
5. Indicators of Compromise (IoCs)
Filenames: Bicho_curioso.rar, Bicho_curioso.exe, Bicho.exe.
The file Bicho_curioso.rar (Portuguese for "curious bug/critter") is a known malicious archive historically used in email phishing campaigns, particularly targeting users in Brazil [2, 3].
The malware creates registry keys (e.g., in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run) to ensure it restarts whenever the computer boots.
Delete the .rar file and any extracted contents. Do not move them to the Recycle Bin; use Shift + Delete.
Upon execution, a Downloader or Dropper is initiated.