Home News Brazilian Crypto Holders Targeted via WhatsApp by Malware Worm
News

Brazilian Crypto Holders Targeted via WhatsApp by Malware Worm

188

Cybercriminals are targeting crypto holders in Brazil using a malicious campaign on WhatsApp. They’re spreading a banking trojan called Eternidade Stealer through self-propagating worm messages. According to security researchers, attackers send deceptive messages that look like they come from friends, government programs, or investment groups to trick users into clicking links.

When people click these links, their WhatsApp accounts can be hijacked — the worm takes over the account and harvests its contact list, but filters out business contacts and groups so it targets personal contacts more efficiently.

The banking trojan then quietly installs itself on the victim’s device. Once active, it searches for credentials and financial data from Brazilian banks, crypto exchanges, and wallet apps — allowing attackers to siphon off crypto and sensitive financial information.

One clever trick: the malware doesn’t use a static command-and-control (C2) server. Instead, it retrieves its C2 address dynamically via a Gmail account using IMAP. If that fails, it falls back to a hardcoded backup server.

SpiderLabs, the security team behind the report, warns that this shows just how dangerous WhatsApp has become in Brazil’s cyber-criminal ecosystem — and that users should be extremely careful when clicking links, even from contacts

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...