Bradesco reported that an application discontinued at the end of 2024 could still be used as a vector, after researchers observed possible DLL Side Loading and association with a banking trojan. With no record of direct losses, the case reopens the debate about security, maintenance, and updates in the bank’s digital channels today.
Bradesco issued a warning after identifying a technical issue related to an old application, noted by researchers as a possible link in a scenario of misuse of digital components. The central concern is not an isolated loss, but the attack surface that remains active when legacy software continues to circulate.
The discussion gained traction after a threat researcher known as “Johnk3r” published on January 29, on the social media platform X, the suspicion that a legitimate banking application could be used in an unusual way to load a banking trojan. Even without reported direct financial losses, the episode raises objective doubts about security and updates in online banking services.
What Was Identified And Why The Old Application Became The Focus
The starting point is the reference to the old Exclusive Browser, a Bradesco application discontinued at the end of 2024 but still present in environments where remnants of installation, shortcuts, or old packages may persist.
When an application is out of the regular update cycle, it tends to carry dependencies and routines that age quickly against the evolution of threats.
The alert is anchored in the idea that legitimate components, such as digital signatures and auxiliary modules, can be exploited as a “trust bridge” to deceive layers of protection.
The key word here is security: it is not about claiming that every customer was affected, but recognizing that an old application can become a preferred target precisely because it is less monitored and less updated.
How DLL Side Loading Comes Into Play
The technique described by researchers is known as DLL Side Loading.
In practical terms, the attacker tries to induce legitimate software to load a tampered dynamic library, taking advantage of the system’s behavior and the reputation of the original executable. This reduces the initial friction with some controls because the starting point appears “trustworthy”.
The risk is not in a specific programming detail exposed to the public, but in the general logic of abusing digital components.
When auxiliary libraries are replaced with malicious versions, a banking trojan can gain execution in a context that the user interprets as normal.
For a bank like Bradesco, this becomes a maturity test: block the vector, cut the trust chain, and ensure that discontinued versions do not continue to operate.
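The pattern described above, as an added detection example that is not from the article, the researchers, or Bradesco: it triages image-load events (using Sysmon Event ID 7 field names) for a monitored executable loading a DLL that sits beside it but is unsigned or signed by someone else. The executable name, signer, paths, and sample events are constructed placeholders.

```python
import ntpath  # Windows path rules, so the example runs on any OS

# Assumption: placeholder executable name and signer, not taken from the article.
EXPECTED_SIGNER = {"legacybrowser.exe": "Example Bank S.A."}
# Path fragments that a standard user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

def assess_image_load(event):
    """Return the reasons one image-load event looks like DLL side loading."""
    image, dll = event["Image"].lower(), event["ImageLoaded"].lower()
    exe_name = ntpath.basename(image)
    if exe_name not in EXPECTED_SIGNER:
        return []  # not one of the monitored host executables
    reasons = []
    same_dir = ntpath.dirname(image) == ntpath.dirname(dll)
    valid = event["Signed"] == "true" and event["SignatureStatus"] == "Valid"
    if same_dir and not valid:
        reasons.append("unsigned or invalid DLL beside trusted executable")
    elif same_dir and event["Signature"] != EXPECTED_SIGNER[exe_name]:
        reasons.append("DLL signer differs from the executable's vendor")
    if any(fragment in image for fragment in USER_WRITABLE):
        reasons.append("trusted executable running from a user-writable path")
    return reasons

def triage(events):
    """Map each suspicious loaded DLL path to its list of reasons."""
    scored = ((e["ImageLoaded"], assess_image_load(e)) for e in events)
    return {dll: reasons for dll, reasons in scored if reasons}

def make_event(image, dll, signed, status, signer):
    return {"Image": image, "ImageLoaded": dll, "Signed": signed,
            "SignatureStatus": status, "Signature": signer}

APP = r"C:\Program Files\LegacyBrowser"
DROP = r"C:\Users\ana\AppData\Local\Temp\pkg"
# Constructed sample events using Sysmon Event ID 7 field names.
SAMPLE_EVENTS = [
    make_event(APP + r"\legacybrowser.exe", APP + r"\helper.dll", "true", "Valid", "Example Bank S.A."),
    make_event(APP + r"\legacybrowser.exe", r"C:\Windows\System32\version.dll", "true", "Valid", "Microsoft Windows"),
    make_event(APP + r"\legacybrowser.exe", APP + r"\plugin.dll", "true", "Valid", "Unknown Publisher Ltd"),
    make_event(DROP + r"\legacybrowser.exe", DROP + r"\helper.dll", "false", "Unavailable", ""),
    make_event(r"C:\Windows\notepad.exe", r"C:\Windows\System32\version.dll", "true", "Valid", "Microsoft Windows"),
]

if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_EVENTS).items():
        print(dll, "->", "; ".join(reasons))
```

The copy running from a temporary folder is flagged twice, which matters for a discontinued application: once the product is retired, any new execution of its binary outside the original install path is itself worth an alert.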
Real Risk To The User And What Changes In The Routine Of Online Banking Services
The available material indicates that there have been no reports of direct financial losses, which is a relevant piece of information to size the occurrence without sensationalism.
Still, the typical risk associated with a banking trojan involves credential capture, session interception, and personal data collection, especially in environments where the user reuses passwords, maintains broad permissions, or delays updates.
In practice, the average user does not need to master the technical part to understand the consequence: if an out-of-service banking application remains installed, it can become the easiest path for the attacker.
The operational response is usually straightforward and involves updates, removal of old versions, and preference for official channels that remain within Bradesco’s maintenance cycle.
Updates, Maintenance, And The Governance Of Legacy
The case highlights a well-known dilemma in banking technology: completely shutting down an old application is not always just a matter of “no longer offering it”, because there are traces of distribution, dependencies in the ecosystem, and user habits.
Updates are not just interface improvements; they are risk control. When an update cycle ends, governance needs to ensure that the legacy does not continue to be available as a side door.
Customer communication also comes into play. A Bradesco alert tends to serve a dual purpose: guiding the base to abandon discontinued software and reducing the exposure window while the technical team validates reports and implements fixes.
In a security scenario, each day without effective updates increases the likelihood of the vector being repurposed by different groups.
Objective Responsibility And What Is Typically Demanded In Fraud Incidents
The basis of the legal debate is the objective responsibility of financial institutions when failures in their systems result in losses to consumers.
Even when there is no confirmation of financial loss, the history of decisions in fraud cases typically demands from the bank diligence compatible with the service’s risk: maintenance, updates, monitoring, and rapid response.
For Bradesco, the tension here is reputational and technical. An incident associated with a banking trojan, even if indirect, triggers the same public thermometer: “Is my bank updated enough?”
Therefore, in addition to the specific correction, market expectations rest on the complete security cycle, from prevention to clear guidance on old applications and service channels.
Bradesco’s alert about the old application is not just a one-off security episode, but a reflection of how the digital legacy can remain alive even after the official discontinuation.
In online banking services, the quality of updates and the discipline of maintenance define the level of exposure, even if there is no direct financial loss in the short term.
If you have already found an old Bradesco application installed on any device, how did you decide what to delete and what to keep? And when a bank discontinues a channel, do you prefer to migrate immediately, or wait for an alert to act?
