Attackers have exploited WhatsApp to compromise Brazilian users with the Astaroth banking trojan as part of the new Boto-Cor-de-Rosa campaign, SiliconANGLE reports.Intrusions began with the distribution of malicious WhatsApp messages with a randomly named ZIP file, which contains a Visual Basic script that installs and executes the Astaroth banking payload and a novel Python-based propagation module, according to an Acronis analysis.While Astaroth enables credential theft routines on banking websites visited by the targets, the other module facilitates illicit ZIP file delivery to all of the targets' contacts in a bid to commence an infection loop that did not require additional infrastructure. Such an attack campaign was noted by researchers to highlight the persistent evolution in tactics weaponized to spread banking malware."By leveraging WhatsApp as a distribution channel, the malware not only accelerates its spread but also exploits trust-based communication patterns to increase the likelihood of victim interaction," said researchers.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds