Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Commodity Zero-Fee Gala
The post Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets appeared on BitcoinEthereumNews.com. Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets. Summary SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users. The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets. Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device. Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said. Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets. “When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained. Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims. Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able… The post Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets appeared on BitcoinEthereumNews.com. Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets. Summary SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users. The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets. Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device. Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said. Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets. “When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained. Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims. Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able…

Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/11/20 17:10
4 min read
Bad Idea AI
BAD$0.00000000106-3.63%
Major
MAJOR$0.06025+1.17%
Chainlink
LINK$8.806-4.05%
Openverse Network
BTG$3.739+0.80%
Intuition
TRUST$0.06974-1.96%
For feedback or concerns regarding this content, please contact us at [email protected]

Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets.

Summary

  • SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users.
  • The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets.

Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device.

Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said.

Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets.

“When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained.

Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims.

Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able to bypass network filters and remain difficult to trace.

“It is a very clever way to update its C2, maintain persistence, and evade detections or takedowns on a network level. If the malware cannot connect to the email account, it uses a hardcoded fallback C2 address,” researchers added.

SpiderLabs researchers have urged Brazilian crypto users to remain alert, especially on WhatsApp, which has become a favored tool for social engineering-based malware campaigns.

“WhatsApp continues to be one of the most exploited communication channels in Brazil’s cybercrime ecosystem. Over the past two years, threat actors have refined their tactics, using the platform’s immense popularity to distribute banker trojans and information-stealing malware,” researchers warned.

Crypto adoption in Brazil has soared over the past few years, and with recent developments like potential plans to establish a national Bitcoin reserve and enforce a proper regulatory framework, the country has drawn increased attention from global investors and local users alike. On the Chainalysis Global Crypto Adoption Index, Brazil ranks fifth, while it stands as Latin America’s largest crypto market by volume.

As such, it remains a prime target for scammers and other bad actors seeking to exploit inexperienced users or take advantage of poorly protected systems.

Eternidade Stealer is a kind of infostealer, which, as mentioned above, can silently monitor applications, extract sensitive credentials, and activate fake overlays to harvest user data..

Back in September, security platform Mosyle uncovered one such cross-platform threat called ModStealer that remained undetected for weeks and was found to be targeting crypto wallets across macOS, Windows, and Linux environments. By using obfuscated JavaScript code within a Node.js environment, the malware was able to infiltrate developer systems and exfiltrate private keys and clipboard data from over 50 browser wallet extensions.

More recently, a Google Threat Intelligence Group report warned that bad actors have started using artificial intelligence to develop malware that can rewrite its own code in real time, making it a lot harder to detect or neutralize.

Source: https://crypto.news/brazilian-crypto-users-hit-by-whatsapp-malware-campaign-targeting-crypto-wallets/

Market Opportunity
Bad Idea AI Logo
Bad Idea AI Price(BAD)
$0.00000000106
$0.00000000106$0.00000000106
0.00%
USD
Bad Idea AI (BAD) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Tags:
#DEX#Index

You May Also Like

U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing

U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing

The post U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing appeared on BitcoinEthereumNews.com. FORT STOCKTON, TEXAS – MARCH 24: The sun sets behind a pumpjack during a gusty night on March 24, 2024 in Fort Stockton, Texas. Employment in Texas has reached record highs, with the oil- and gas-producing Permian Basin, which covers a large swathe of west Texas, leading the way. Permian Basin towns of Midland and Odessa notched 2.6 and 3.5 percent unemployment respectively, according to the report touted earlier this month by Gov. Gregg Abbott. (Photo by Brandon Bell/Getty Images) Getty Images For the past two years, the United States has set oil production records. This growth is a continuance of the surge in oil production resulting from the shale boom that began earlier this century. According to data from the Energy Information Administration, U.S. oil production average 13.2 million barrels per day in 2024, up from 12.7 million in 2023 and 12.5 million in 2022. U.S. Oil Production 1860-2024. Energy Information Administration It is now clear that the U.S. is on track this year to set its third consecutive annual record for crude oil production. Year-to-date production through the week ending September 12, 2025 shows a production level of 13.44 million BPD, which is about 1.9% ahead of last year’s record pace. But beneath those headline numbers, a subtle shift is underway: growth is slowing. The slowdown becomes clear if we look at the year-over-year percentage changes over the past 20 years. Annual Oil Production Change 2006-2025 YTD. Robert Rapier There have been only two other periods in the past 20 years where U.S. oil production growth slowed for three consecutive years, but both of those instances had extenuating circumstances. The first was from 2014 through 2016, when a price war launched by OPEC triggered a collapse in oil prices and forced U.S. producers to slash drilling activity. The…
Share
BitcoinEthereumNews2025/09/18 18:35
Silver Prices Edge Closer to a Pivotal Support and Resistance Test

Silver Prices Edge Closer to a Pivotal Support and Resistance Test

The post Silver Prices Edge Closer to a Pivotal Support and Resistance Test appeared on BitcoinEthereumNews.com. The silver market, although experiencing recent
Share
BitcoinEthereumNews2026/03/07 11:29
[Newspoint] Overpaid troll

[Newspoint] Overpaid troll

KAUFMAN. Former president Rodrigo Duterte's lawyer Nicholas Kaufman delivers his opening statement before the ICC Pre-Trial Chamber I on February 23, 2026.
Share
Rappler2026/03/07 11:00

Trending News

More

U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing

Silver Prices Edge Closer to a Pivotal Support and Resistance Test

[Newspoint] Overpaid troll

Pakistan Sets Up Virtual Assets Authority as Parliament Passes Crypto Regulation Law

Fed Day Dry Powder: Cryptoquant Analyst Tracks $7.6B Stablecoin Pile on Exchanges

Quick Reads

More

What is CLAWSTR Crypto? An Introduction to CLAWSTR Cryptocurrency

What is Autism Coin (AUTISM)? An Introduction to Cryptocurrency

What is HODL Coin HODL? An Introduction to Cryptocurrency

What is Milady Token MILADY? An Introduction to Cryptocurrency

What is Archer Aviation Tokenized Stock (ACHRON)? An Introduction to Cryptocurrency

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$68,109.19
$68,109.19$68,109.19

-0.57%

Ethereum Logo

Ethereum

ETH

$1,977.12
$1,977.12$1,977.12

-0.05%

Solana Logo

Solana

SOL

$84.36
$84.36$84.36

-0.33%

XRP Logo

XRP

XRP

$1.3640
$1.3640$1.3640

+0.55%

Tether Gold Logo

Tether Gold

GOLD(XAUT)

$5,140.7
$5,140.7$5,140.7

+0.50%