Skip to main content

WhatsApp Worm Sparks Brazil's Eternidade Stealer Banking Trojan Outbreak



Brazilian cryptocurrency investors are facing an increasingly sophisticated phishing scheme that leverages social engineering to deliver malware via WhatsApp. A new cybersecurity report details a recent campaign involving a malicious worm and banking trojan designed to steal sensitive financial data and disrupt user accounts, highlighting mounting risks in crypto markets and the importance of heightened vigilance in the digital asset space.



  • Cybercriminals are exploiting WhatsApp's popularity to distribute malware targeting Brazilian crypto users.

  • The campaign involves a hijacking worm and Eternidade Stealer banking trojan, enabling widespread theft of financial information.

  • -malware uses clever techniques such as email-based command and control to evade detection and shutdown.

  • Brazil, as Latin America's largest crypto adopter, remains a significant target for cyber threats in the crypto sector.

  • Users are advised to exercise caution with links and delivery messages, keep software updated, and enable security measures.




Brazilian cryptocurrency owners are currently under threat from a sophisticated hacking campaign that employs both a hijacking worm and a financial malware known as Eternidade Stealer. These cyberattacks are being executed through WhatsApp messages that entice users into clicking malicious links, risking their crypto holdings and financial data.



According to a report from Trustwave’s cybersecurity research team SpiderLabs, the malicious campaign involves social engineering tactics, including messages about “fake government programs,” delivery notifications, or even correspondence from friends and fraudulent investment groups. The goal: to trick users into clicking links that trigger malware downloads.



“WhatsApp remains one of the most exploited communication channels in Brazil’s cybercrime ecosystem,” said SpiderLabs researchers Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi. “Threat actors have honed their tactics over the past two years, leveraging the platform’s widespread use to distribute banking trojans and data-stealing malware.”



Once the victim clicks on the malicious link, a chain reaction ensues. The worm infects the device, hijacks the user’s WhatsApp account, and accesses their contact list. It employs “smart filtering” to target specific contacts, avoiding groups and business contacts for discreet operations.





Infographic illustrating how the malware infects devices and executes its attack. Source: SpiderLabs



Meanwhile, the Eternidade Stealer banking trojan is silently downloaded onto the victim’s device. It quickly scans for banking and cryptocurrency login credentials related to Brazilian banks, fintech apps, and crypto exchanges. This theft poses a serious threat to digital asset security, especially given the recent surge in crypto adoption across Brazil, which remains Latin America’s leading market for cryptocurrency activity and ranks fifth globally for crypto adoption according to Chainalysis’s 2025 index.



The malware’s design incorporates a cunning method to evade detection. Instead of connecting to a fixed command-and-control server, it uses a pre-set Gmail account to receive instructions via email. This approach allows hackers to dynamically update commands and maintain control over infected devices, complicating efforts to counteract the malware’s spread.



“The malware uses hardcoded credentials to log into its email account, which it then uses to retrieve commands, making it resilient against takedowns,” the report explains. “If email communication fails, it defaults to a hardcoded fallback server.”



How to Stay Safe in Crypto and Messaging Apps


Crypto users should remain cautious when receiving links, even from trusted contacts. Verifying suspicious messages via a different communication channel is a good practice. Regularly updating software and employing robust anti-virus protections can also reduce the risk of infection.



If users suspect they have fallen prey to this malware, it is critical to immediately freeze access to all related crypto and banking accounts. Monitoring transactions enables authorities or exchanges to track and potentially freeze hacker assets, helping to prevent further losses.



As crypto markets grow, so does the need for comprehensive security awareness and proactive measures to protect digital assets from evolving cyber threats.



https://www.cryptobreaking.com/whatsapp-worm-sparks-brazils-eternidade/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=WhatsApp%20Worm%20Sparks%20Brazil's%20Eternidade%20Stealer%20Banking%20Trojan%20Outbreak%20
Labels:

Comments

Post a Comment

Popular posts from this blog

Coinbase's x402 launches AI agents app store for payments

Coinbase-backed x402 has unveiled Agentic.market, a dedicated marketplace aimed at increasing the usefulness of AI agents by aggregating thousands of apps and services that agents can access without any API keys. The rollout positions the platform as a central hub for agents to discover, evaluate, and deploy capabilities across a standardized payments layer. Coinbase product lead Nick Prince described Agentic.market in a video posted on X as a storefront for discovering, comparing, and using x402 services. The marketplace is designed to give both humans and their AI agents access to a wide range of tools—from data feeds to consumer apps—without the friction of managing API credentials. A storefront for discovering, comparing, and using x402 services. Thousands of services. Zero API keys. Powered by x402. Prince added that the market offers a web interface for humans to browse and assess services, alongside a programming layer that lets AI agents autonomously search, filter, and integra...
Post a Comment
Read more

Top Cryptocurrencies to Watch: BTC, ETH, BNB, XRP, Solana, Dogecoin & More

Market Analysis and Price Predictions for Key Cryptocurrencies Recent market dynamics reveal a cautious sentiment across the cryptocurrency landscape, with Bitcoin struggling to maintain levels above $90,000 and many major altcoins facing downward pressure. Indicators point toward reduced participation from both institutional and retail investors, raising concerns about a potential consolidation phase after notable gains earlier in the year. Bitcoin has fallen below $87,000, reflecting waning demand at higher price points. Institutional fund flows into BTC and ETH ETFs have turned negative, indicating a period of subdued market activity. Active addresses and Binance deposit/withdrawal activities are at annual lows, suggesting market indecision. Most leading altcoins are approaching support levels, with some poised for potential breakdowns. Tickers mentioned: Bitcoin, Ethereum, Binance Coin, XRP, Solana, Dogecoin, Cardano, Bitcoin Cash, Chainlink, Hyperliquid Sentiment: Neutral to Sli...
Post a Comment
Read more

Analyst: Bitcoin can reclaim $100K without a new narrative

Bitcoin has stalled below the $100,000 threshold, marking a run of almost five months without a breakout above that level. As of the latest market close, BTC hovered around $78,250 after a February nadir of about $60,000, underscoring a slow, grinding recovery amid broader market dynamics. In parallel, tech markets—especially AI-focused equities—have captured the spotlight, with investors rotating capital away from crypto in search of different risk-reward profiles. Nvidia (NVDA), the leading AI stock by market cap, has gained about 5.08% since the start of the year, while Bitcoin has faced a roughly 10% dip over the same period, illustrating a diverging performance within risk assets. MN Trading Capital founder Michael van de Poppe suggested that Bitcoin may not require a fresh narrative to push back above $100,000. In a post on X, he asked what narrative would drive BTC to the milestone and concluded that “price moves upwards, and the narrative will create itself.” He continued that ...
Post a Comment
Read more