Buguroo is calling attention to the threat of the BasBanke Trojan for Android devices in a new post on the company blog. Also known as Coybot, the BasBanke Trojan specifically targets Brazilian banking institutions, although it does have some similarities to the Pazera Trojan that goes after Windows devices in Latin America more broadly.

According to Buguroo, the BasBanke Trojan seems to spread through fake Facebook posts and WhatsApp messages. Once it infects an Android device, it will track the activity on that device and overlay a fake login page that is designed to mimic the actual login page of an app like Google Play, tricking the user into entering credentials that can be captured by the malware.

In many cases, the overlay will only appear when the user tries to open the app, which makes the user think the activity is legitimate and makes the gimmick even more effective. Coybot also uses Base64 encryption to make the malware harder to detect.

The Trojan first appeared in 2018, and has only appeared sporadically in the months since. However, it is not the only Trojan of its kind, and highlights the fact that consumers are often not aware that a device has been infected.

Buguroo notes that one-time SMS passwords sent via text message can be easily intercepted and are therefore unreliable as a security measure. The company presents behavioral biometrics as a potential solution to the problem, arguing that continuous authentication during a banking session can help stop cybercriminals that have managed to get their hands on someone’s account and login information.

In that regard, the post is merely Buguroo’s latest security primer. The company has already detailed some of the strengths and weaknesses of various forms of two-factor authentication, and discussed countermeasures that can be taken to prevent first and second party fraud.

Buguroo also received $11 million in Series A funding in November.