Infosecurity Magazine reports that Brazilian threat actors have exploited WhatsApp to spread the nascent Eternidade Stealer banking trojan.

Attacks involved the use of an obfuscated VBScript loading a Python-based WhatsApp worm, which facilitated automated WhatsApp messaging, contact list extraction, and malicious file delivery, and an installer for the Delphi-based Eternidade Stealer, which only runs on Brazilian Portuguese-language systems, according to a Trustwave SpiderLabs analysis.

Eternidade Stealer then exfiltrates host information, browser window details, and data from banking apps by Santander, Itau, Caixa, and Bradesco, as well as Binance and MercadoPago. The stealer also features dynamic command-and-control discovery, WhatsApp contact pilfering, process hollowing, and antivirus detection capabilities. Additional findings revealed the global scope of the Eternidade Stealer campaign, which has mostly targeted desktop systems.

"Cybersecurity defenders should remain vigilant for suspicious WhatsApp activity, unexpected MSI or script executions, and indicators linked to this ongoing campaign," said researchers.