Free real estate: GoPix, the banking Trojan living off your memory
ID: c5bb940c-e7d6-5a0d-b4f0-c4ba28d2bd4a
STIX ID: report--c5bb940c-e7d6-5a0d-b4f0-c4ba28d2bd4a
Feed Name: Securelist by Kaspersky
GoPix is an advanced, active banking Trojan campaign targeting Brazilian financial-institution customers and cryptocurrency users. The campaign relies on malvertising (Google Ads), staged PowerShell loaders, memory-only implants, and novel PAC-based MITM interception that injects trusted root certificates into browser memory. The report documents the full infection chain, evasion techniques, and targeted objectives (Pix, Boleto, crypto wallets), and includes technical indicators (hashes, domains, certificate thumbprints).
