Brazilian Crypto Holders Targeted via WhatsApp by Malware Worm

Cybercriminals are targeting crypto holders in Brazil using a malicious campaign on WhatsApp. They’re spreading a banking trojan called Eternidade Stealer through self-propagating worm messages. According to security researchers, attackers send deceptive messages that look like they come from friends, government programs, or investment groups to trick users into clicking links. Coinspeaker+2Cointelegraph+2

When people click these links, their WhatsApp accounts can be hijacked — the worm takes over the account and harvests its contact list, but filters out business contacts and groups so it targets personal contacts more efficiently. The Hacker News+1

The banking trojan then quietly installs itself on the victim’s device. Once active, it searches for credentials and financial data from Brazilian banks, crypto exchanges, and wallet apps — allowing attackers to siphon off crypto and sensitive financial information. The Hacker News+2CoinCentral+2

One clever trick: the malware doesn’t use a static command-and-control (C2) server. Instead, it retrieves its C2 address dynamically via a Gmail account using IMAP. If that fails, it falls back to a hardcoded backup server. Cointelegraph

SpiderLabs, the security team behind the report, warns that this shows just how dangerous WhatsApp has become in Brazil’s cyber-criminal ecosystem — and that users should be extremely careful when clicking links, even from contacts