Skip to main content

WhatsApp Worm Sparks Brazil's Eternidade Stealer Banking Trojan Outbreak



Brazilian cryptocurrency investors are facing an increasingly sophisticated phishing scheme that leverages social engineering to deliver malware via WhatsApp. A new cybersecurity report details a recent campaign involving a malicious worm and banking trojan designed to steal sensitive financial data and disrupt user accounts, highlighting mounting risks in crypto markets and the importance of heightened vigilance in the digital asset space.



  • Cybercriminals are exploiting WhatsApp's popularity to distribute malware targeting Brazilian crypto users.

  • The campaign involves a hijacking worm and Eternidade Stealer banking trojan, enabling widespread theft of financial information.

  • -malware uses clever techniques such as email-based command and control to evade detection and shutdown.

  • Brazil, as Latin America's largest crypto adopter, remains a significant target for cyber threats in the crypto sector.

  • Users are advised to exercise caution with links and delivery messages, keep software updated, and enable security measures.




Brazilian cryptocurrency owners are currently under threat from a sophisticated hacking campaign that employs both a hijacking worm and a financial malware known as Eternidade Stealer. These cyberattacks are being executed through WhatsApp messages that entice users into clicking malicious links, risking their crypto holdings and financial data.



According to a report from Trustwave’s cybersecurity research team SpiderLabs, the malicious campaign involves social engineering tactics, including messages about “fake government programs,” delivery notifications, or even correspondence from friends and fraudulent investment groups. The goal: to trick users into clicking links that trigger malware downloads.



“WhatsApp remains one of the most exploited communication channels in Brazil’s cybercrime ecosystem,” said SpiderLabs researchers Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi. “Threat actors have honed their tactics over the past two years, leveraging the platform’s widespread use to distribute banking trojans and data-stealing malware.”



Once the victim clicks on the malicious link, a chain reaction ensues. The worm infects the device, hijacks the user’s WhatsApp account, and accesses their contact list. It employs “smart filtering” to target specific contacts, avoiding groups and business contacts for discreet operations.





Infographic illustrating how the malware infects devices and executes its attack. Source: SpiderLabs



Meanwhile, the Eternidade Stealer banking trojan is silently downloaded onto the victim’s device. It quickly scans for banking and cryptocurrency login credentials related to Brazilian banks, fintech apps, and crypto exchanges. This theft poses a serious threat to digital asset security, especially given the recent surge in crypto adoption across Brazil, which remains Latin America’s leading market for cryptocurrency activity and ranks fifth globally for crypto adoption according to Chainalysis’s 2025 index.



The malware’s design incorporates a cunning method to evade detection. Instead of connecting to a fixed command-and-control server, it uses a pre-set Gmail account to receive instructions via email. This approach allows hackers to dynamically update commands and maintain control over infected devices, complicating efforts to counteract the malware’s spread.



“The malware uses hardcoded credentials to log into its email account, which it then uses to retrieve commands, making it resilient against takedowns,” the report explains. “If email communication fails, it defaults to a hardcoded fallback server.”



How to Stay Safe in Crypto and Messaging Apps


Crypto users should remain cautious when receiving links, even from trusted contacts. Verifying suspicious messages via a different communication channel is a good practice. Regularly updating software and employing robust anti-virus protections can also reduce the risk of infection.



If users suspect they have fallen prey to this malware, it is critical to immediately freeze access to all related crypto and banking accounts. Monitoring transactions enables authorities or exchanges to track and potentially freeze hacker assets, helping to prevent further losses.



As crypto markets grow, so does the need for comprehensive security awareness and proactive measures to protect digital assets from evolving cyber threats.



https://www.cryptobreaking.com/whatsapp-worm-sparks-brazils-eternidade/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=WhatsApp%20Worm%20Sparks%20Brazil's%20Eternidade%20Stealer%20Banking%20Trojan%20Outbreak%20
Labels:

Comments

Post a Comment

Popular posts from this blog

Scaramucci Family Invests $100M in Trump-Backed Bitcoin Mining Firm

The recent investment in American Bitcoin highlights the growing interest and participation of prominent figures and families in the cryptocurrency mining sector, particularly in the United States. With over $100 million from the Scaramucci family’s Solari Capital and backing from notable entrepreneurs and investors, American Bitcoin is solidifying its position as a significant player in the evolving blockchain and crypto markets. This move underscores the increasing institutional and individual involvement in Bitcoin and related assets, shaping the future of the crypto industry amidst regulatory and market dynamics. The Scaramucci family’s private investment firm, Solari Capital, has committed over $100 million to American Bitcoin, a major U.S.-based mining company. American Bitcoin raised $220 million in a funding round before going public via reverse merger, with notable backers including Tony Robbins, Charles Hoskinson, Grant Cardone, and Peter Diamandis. The company ...
Post a Comment
Read more

What Does it Mean When BTC Futures Turn Negative Compared to Spot Price?

Recent shifts in the cryptocurrency market highlight a growing cautious sentiment among traders, as the Bitcoin futures-to-spot basis has turned negative for the first time since March 2025. This development suggests a potential cooling of investor enthusiasm, with traders showing a preference to de-risk amid increasing market volatility. The trend underscores ongoing uncertainty in the crypto markets, impacting Bitcoin’s price outlook and trading dynamics. Bitcoin futures-spot basis has dipped into negative territory, signaling increased caution among traders. Internal exchange flow surges often precede heightened volatility and liquidity stress. The market’s leverage ratio has decreased, indicating a healthier futures environment and reduced forced-liquidation risks. Historical patterns of negative basis may point either to a market bottom or further downside, depending on subsequent price movements. Bitcoin futures-spot basis signals two different pathways Bitcoi...
Post a Comment
Read more

VanEck Launches Solana ETF; First Spot DOGE ETF Launches Monday

The cryptocurrency investment landscape continues to expand as new ETF offerings gain approval and enter the US market, providing investors with more ways to gain exposure to digital assets. Recent developments highlight increasing institutional interest in altcoins like Solana and Dogecoin, driven by regulatory changes that streamline fund approvals. As more ETFs launch, it's clear that cryptocurrencies are solidifying their place within mainstream investment portfolios, promising greater accessibility and liquidity for both retail and institutional investors alike. VanEck launches the third US ETF tied to Solana, offering staking yields and waiving fees until February or reaching $1 billion in assets. The SEC’s relaxed listing standards have accelerated the rollout of crypto ETFs, with Fidelity's Solana ETF set to launch shortly. Grayscale is preparing to introduce the first Dogecoin ETF in the US, contingent upon SEC approval and NYSE listing procedures. Ot...
Post a Comment
Read more