BorsaDEX+
Kripto AlPiyasalarSpotVadeli İşlemlerGOLDBirikimEtkinlikler
Daha Fazla
Commodity Zero-Fee Gala
The post Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets appeared on BitcoinEthereumNews.com. Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets. Summary SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users. The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets. Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device. Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said. Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets. “When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained. Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims. Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able… The post Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets appeared on BitcoinEthereumNews.com. Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets. Summary SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users. The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets. Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device. Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said. Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets. “When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained. Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims. Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able…

Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets

Yazar: BitcoinEthereumNewsKaynak: BitcoinEthereumNews
2025/11/20 17:10
Okuma süresi: 4 dk
Bad Idea AI
BAD$0.00000000088-5.37%
Major
MAJOR$0.07853-7.12%
Chainlink
LINK$8.11-10.78%
Openverse Network
BTG$5.029-5.38%
Intuition
TRUST$0.06824-15.58%

Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets.

Summary

  • SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users.
  • The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets.

Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device.

Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said.

Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets.

“When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained.

Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims.

Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able to bypass network filters and remain difficult to trace.

“It is a very clever way to update its C2, maintain persistence, and evade detections or takedowns on a network level. If the malware cannot connect to the email account, it uses a hardcoded fallback C2 address,” researchers added.

SpiderLabs researchers have urged Brazilian crypto users to remain alert, especially on WhatsApp, which has become a favored tool for social engineering-based malware campaigns.

“WhatsApp continues to be one of the most exploited communication channels in Brazil’s cybercrime ecosystem. Over the past two years, threat actors have refined their tactics, using the platform’s immense popularity to distribute banker trojans and information-stealing malware,” researchers warned.

Crypto adoption in Brazil has soared over the past few years, and with recent developments like potential plans to establish a national Bitcoin reserve and enforce a proper regulatory framework, the country has drawn increased attention from global investors and local users alike. On the Chainalysis Global Crypto Adoption Index, Brazil ranks fifth, while it stands as Latin America’s largest crypto market by volume.

As such, it remains a prime target for scammers and other bad actors seeking to exploit inexperienced users or take advantage of poorly protected systems.

Eternidade Stealer is a kind of infostealer, which, as mentioned above, can silently monitor applications, extract sensitive credentials, and activate fake overlays to harvest user data..

Back in September, security platform Mosyle uncovered one such cross-platform threat called ModStealer that remained undetected for weeks and was found to be targeting crypto wallets across macOS, Windows, and Linux environments. By using obfuscated JavaScript code within a Node.js environment, the malware was able to infiltrate developer systems and exfiltrate private keys and clipboard data from over 50 browser wallet extensions.

More recently, a Google Threat Intelligence Group report warned that bad actors have started using artificial intelligence to develop malware that can rewrite its own code in real time, making it a lot harder to detect or neutralize.

Source: https://crypto.news/brazilian-crypto-users-hit-by-whatsapp-malware-campaign-targeting-crypto-wallets/

Piyasa Fırsatı
Bad Idea AI Logosu
Bad Idea AI Fiyatı(BAD)
$0.00000000088
$0.00000000088$0.00000000088
+1.14%
USD
Bad Idea AI (BAD) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen [email protected] ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

“Vibes Should Match Substance”: Vitalik on Fake Ethereum Connections

“Vibes Should Match Substance”: Vitalik on Fake Ethereum Connections

Vitalik Buterin criticized L2s that use optimistic bridges without adding meaningful technical innovation. Ethereum’s base layer is scaling, reducing the need for
Paylaş
LiveBitcoinNews2026/02/06 11:30
Why Bitcoin Crashed Below $69,000 — Causes & Outlook

Why Bitcoin Crashed Below $69,000 — Causes & Outlook

Cryptsy - Latest Cryptocurrency News and Predictions Cryptsy - Latest Cryptocurrency News and Predictions - Experts in Crypto Casinos Bitcoin crash explained:
Paylaş
Cryptsy2026/02/06 11:20
CME Group to launch options on XRP and SOL futures

CME Group to launch options on XRP and SOL futures

The post CME Group to launch options on XRP and SOL futures appeared on BitcoinEthereumNews.com. CME Group will offer options based on the derivative markets on Solana (SOL) and XRP. The new markets will open on October 13, after regulatory approval.  CME Group will expand its crypto products with options on the futures markets of Solana (SOL) and XRP. The futures market will start on October 13, after regulatory review and approval.  The options will allow the trading of MicroSol, XRP, and MicroXRP futures, with expiry dates available every business day, monthly, and quarterly. The new products will be added to the existing BTC and ETH options markets. ‘The launch of these options contracts builds on the significant growth and increasing liquidity we have seen across our suite of Solana and XRP futures,’ said Giovanni Vicioso, CME Group Global Head of Cryptocurrency Products. The options contracts will have two main sizes, tracking the futures contracts. The new market will be suitable for sophisticated institutional traders, as well as active individual traders. The addition of options markets singles out XRP and SOL as liquid enough to offer the potential to bet on a market direction.  The options on futures arrive a few months after the launch of SOL futures. Both SOL and XRP had peak volumes in August, though XRP activity has slowed down in September. XRP and SOL options to tap both institutions and active traders Crypto options are one of the indicators of market attitudes, with XRP and SOL receiving a new way to gauge sentiment. The contracts will be supported by the Cumberland team.  ‘As one of the biggest liquidity providers in the ecosystem, the Cumberland team is excited to support CME Group’s continued expansion of crypto offerings,’ said Roman Makarov, Head of Cumberland Options Trading at DRW. ‘The launch of options on Solana and XRP futures is the latest example of the…
Paylaş
BitcoinEthereumNews2025/09/18 00:56