
WhatsApp Worm Delivers Banking Trojan to Brazilian Users

Security researchers have uncovered a sophisticated malware campaign in Brazil involving a WhatsApp-based worm and a banking trojan called Eternidade Stealer. Attackers are using social engineering tactics—sending messages about fake government programs, delivery updates, or investment opportunities—to trick victims into clicking malicious links.

When a user clicks the link, the worm gets installed and takes control of the user’s WhatsApp account. It harvests the victim’s contact list, but cleverly filters out business contacts or group chats to focus on individual personal contacts. Using the account, it sends more infected messages to spread further.

Simultaneously, a banking trojan (Eternidade Stealer) is silently installed in the background. This malware is written in Delphi and waits for users to interact with financial apps or crypto platforms. It scans for logins and credentials from Brazilian banks, fintech services, exchanges, and crypto wallets, allowing it to capture the victim’s sensitive financial data.

To maintain control and avoid detection, Eternidade Stealer reaches out to a hidden command-and-control server by checking a pre-configured Gmail account via IMAP. This means the attacker can dynamically update commands. If that email-based control fails, the malware switches to a fallback server embedded in its code.
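One way to hunt for the Gmail-over-IMAP control channel described above is to flag IMAP connections to Gmail from processes that are not approved mail clients. This is an added example, not code from the researchers or the article; the event field names, the client allowlist, and the trusted install roots are assumptions to adapt to your own telemetry.

```python
import json
from ntpath import basename  # parses Windows paths on any platform

IMAP_HOSTS = {"imap.gmail.com"}   # Gmail's IMAP endpoint
IMAP_PORTS = {143, 993}
# Assumption: mail clients approved in this environment; tune per fleet.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample telemetry (JSON lines), not taken from the article.
SAMPLE_EVENTS = r"""
{"host":"ws-014","image":"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe","dest_host":"imap.gmail.com","dest_port":993}
{"host":"ws-022","image":"C:\\Users\\ana\\AppData\\Local\\Temp\\svc_update.exe","dest_host":"imap.gmail.com","dest_port":993}
{"host":"ws-022","image":"C:\\Users\\ana\\AppData\\Roaming\\thunderbird.exe","dest_host":"imap.gmail.com","dest_port":993}
{"host":"ws-031","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest_host":"mail.google.com","dest_port":443}
"""

def is_expected_client(image):
    """True only for an approved client name running from a trusted install root."""
    path = image.lower()
    return basename(path) in MAIL_CLIENTS and path.startswith(TRUSTED_ROOTS)

def find_suspicious_imap(lines):
    """Return (host, image) pairs for IMAP-to-Gmail connections from unexpected processes."""
    hits = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        to_gmail_imap = (str(ev.get("dest_host", "")).lower() in IMAP_HOSTS
                         and ev.get("dest_port") in IMAP_PORTS)
        if to_gmail_imap and not is_expected_client(str(ev.get("image", ""))):
            hits.append((ev.get("host"), ev.get("image")))
    return hits

if __name__ == "__main__":
    for host, image in find_suspicious_imap(SAMPLE_EVENTS):
        print(f"{host}: unexpected IMAP client {image}")
```

The check covers only the IMAP channel; connections to the fallback server embedded in the malware need separate indicators.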

Because of this setup, the malware is more resilient and can persist on the infected device. Once deployed, it also collects system information—checking for installed security software, the language of the operating system (to confirm it’s running on a Brazilian Portuguese machine), and other indicators.

Overall, this campaign poses a serious threat to financial security in Brazil. WhatsApp, widely used in the country, has become a powerful channel for distributing the malware. Users are strongly advised to be cautious about any unexpected links, even if they come from trusted contacts, and to maintain strong security hygiene.
