Home News Banking Trojan Spreads via WhatsApp, Hitting Brazilian Users Hard
News

Banking Trojan Spreads via WhatsApp, Hitting Brazilian Users Hard

199

Brazil has recently experienced a major surge in banking‑trojan attacks that are spreading through WhatsApp. The attackers, identified as the Water Saci group, are distributing malicious files such as HTML applications or PDFs. When opened, these files trigger the download and installation of a trojan on the victim’s device. Unlike earlier versions that relied on PowerShell scripts, the latest variant uses a Python‑based worm that automatically spreads to the victim’s WhatsApp contacts, making the malware self-propagating.

Once installed, the malware runs silently in the background, monitoring active windows for banking websites, payment platforms, or cryptocurrency wallets. If the victim opens one of these, the trojan activates, logging keystrokes, taking screenshots, displaying fake login pages, and even intercepting credentials. It can also remotely control the system, manipulate mouse clicks, and execute unauthorized actions without the user noticing.

The trojan ensures persistence by re-launching automatically whenever the user opens a browser or restarts the system. Its WhatsApp-based propagation method turns each infected device into a hub, sending malicious files to all contacts and dramatically increasing the malware’s reach. Security experts consider this campaign particularly dangerous due to the combination of automated spreading, advanced evasion, and financial-targeted attacks. Authorities are warning users to be extremely cautious with attachments, even from trusted contacts, and to verify files before opening them to prevent infections

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...