Originally reported by BleepingComputer, Malwarebytes Labs, SecureList (Kaspersky)
TL;DR
Kaspersky researchers identified GoPix, a sophisticated Brazilian banking trojan that operates entirely in memory and uses advanced techniques like PAC file manipulation for man-in-the-middle attacks. Meanwhile, security teams gained a new open-source secrets scanning tool called Betterleaks.
The GoPix banking trojan represents a sophisticated threat targeting financial institutions with advanced techniques, warranting medium severity. Other stories are informational security tool releases and platform updates.
Kaspersky's Global Research and Analysis Team (GReAT) has documented a sophisticated Brazilian banking trojan dubbed GoPix that employs several advanced evasion techniques. According to the research, GoPix operates entirely within system memory without writing files to disk, significantly complicating detection efforts.
The malware utilizes Proxy AutoConfig (PAC) files to conduct man-in-the-middle attacks against banking websites, allowing threat actors to intercept and manipulate user communications with financial institutions. Additionally, GoPix spreads through malvertising campaigns distributed via Google Ads, demonstrating the threat actors' ability to leverage legitimate advertising platforms for initial access.
Kaspersky researchers describe the trojan as "unprecedentedly complex" within the Brazilian banking malware ecosystem, indicating a significant evolution in threat actor capabilities targeting South American financial institutions.
Security practitioners have gained access to a new open-source secrets detection tool called Betterleaks, positioned as an alternative to the established Gitleaks scanner. The tool can analyze directories, files, and git repositories to identify exposed secrets using both default detection rules and custom configurations.
Betterleaks joins the growing ecosystem of automated secrets detection tools designed to prevent credential exposure in code repositories and file systems. The availability of multiple open-source options provides security teams with additional flexibility in implementing secrets scanning across development workflows.
OpenAI has confirmed to BleepingComputer that ChatGPT advertisements for Free and Go plan users remain limited to the United States, despite references to advertising appearing in updated privacy policies that concerned international users.
The clarification addresses confusion that arose when users outside the US noticed ad-related language in policy documentation, leading to speculation about broader advertising deployment across OpenAI's global user base.
Malwarebytes Labs published their weekly security roundup covering threat intelligence and security developments from March 9-15, 2026. The digest provides security practitioners with curated threat landscape updates and analysis from the research team.
Originally reported by BleepingComputer, Malwarebytes Labs, SecureList (Kaspersky)