BorsaDEX+
Kripto AlPiyasalarSpotVadeli İşlemler500XBirikimEtkinlikler
Daha Fazla
ELIZAOS Etkinliği2000g
The post Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets appeared on BitcoinEthereumNews.com. Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets. Summary SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users. The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets. Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device. Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said. Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets. “When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained. Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims. Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able… The post Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets appeared on BitcoinEthereumNews.com. Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets. Summary SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users. The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets. Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device. Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said. Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets. “When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained. Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims. Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able…

Brazilian crypto users hit by WhatsApp malware campaign targeting crypto wallets

Yazar: BitcoinEthereumNews
2025/11/20 17:10
Bad Idea AI
BAD$0.00000000168-4.54%
Major
MAJOR$0.11337-4.11%
Chainlink
LINK$12.73-6.05%
Openverse Network
BTG$6.698+0.08%
Intuition
TRUST$0.1125+0.08%

Bad actors are weaponizing WhatsApp to deliver a hijacking worm and banking trojan in Brazil that targets their crypto wallets.

Summary

  • SpiderLabs has warned about a WhatsApp‑based malware campaign in Brazil that deploys a worm and banking trojan to target crypto users.
  • The malware is able to harvest sensitive information related to the victim’s crypto exchange account and wallets.

Trustwave’s cybersecurity research team SpiderLabs has uncovered a major campaign involving the Eternidade Stealer, which can quietly harvest financial information, login data, and other sensitive details associated with banking portals, fintech apps, and crypto exchanges on the victim’s device.

Threat actors were found to be using complex social engineering schemes involving “fake government programs, delivery notifications, and even fraudulent investment groups shared through WhatsApp messages and groups,” the report said.

Attackers are using a two‑stage process to deliver the malicious payload that includes a WhatsApp‑propagating worm and a Delphi‑based banking trojan. When the victim clicks a worm link, it triggers an automated sequence that hijacks the WhatsApp session, downloads the MSI installer in the background, and deploys the stealer that scans for financial applications and crypto wallets.

“When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload,” Spiderlabs researchers explained.

Another concerning trait of the campaign, besides its stealthy nature, is that the worm is able to access the victim’s contact list, which lets it target other potential victims.

Meanwhile, it prevents detection by using “hardcoded credentials to log into its email account,” which is retrieved from a Gmail inbox controlled by the operator. By using IMAP over SSL to fetch commands, a method that blends with ordinary user email traffic, the malware is able to bypass network filters and remain difficult to trace.

“It is a very clever way to update its C2, maintain persistence, and evade detections or takedowns on a network level. If the malware cannot connect to the email account, it uses a hardcoded fallback C2 address,” researchers added.

SpiderLabs researchers have urged Brazilian crypto users to remain alert, especially on WhatsApp, which has become a favored tool for social engineering-based malware campaigns.

“WhatsApp continues to be one of the most exploited communication channels in Brazil’s cybercrime ecosystem. Over the past two years, threat actors have refined their tactics, using the platform’s immense popularity to distribute banker trojans and information-stealing malware,” researchers warned.

Crypto adoption in Brazil has soared over the past few years, and with recent developments like potential plans to establish a national Bitcoin reserve and enforce a proper regulatory framework, the country has drawn increased attention from global investors and local users alike. On the Chainalysis Global Crypto Adoption Index, Brazil ranks fifth, while it stands as Latin America’s largest crypto market by volume.

As such, it remains a prime target for scammers and other bad actors seeking to exploit inexperienced users or take advantage of poorly protected systems.

Eternidade Stealer is a kind of infostealer, which, as mentioned above, can silently monitor applications, extract sensitive credentials, and activate fake overlays to harvest user data..

Back in September, security platform Mosyle uncovered one such cross-platform threat called ModStealer that remained undetected for weeks and was found to be targeting crypto wallets across macOS, Windows, and Linux environments. By using obfuscated JavaScript code within a Node.js environment, the malware was able to infiltrate developer systems and exfiltrate private keys and clipboard data from over 50 browser wallet extensions.

More recently, a Google Threat Intelligence Group report warned that bad actors have started using artificial intelligence to develop malware that can rewrite its own code in real time, making it a lot harder to detect or neutralize.

Source: https://crypto.news/brazilian-crypto-users-hit-by-whatsapp-malware-campaign-targeting-crypto-wallets/

Piyasa Fırsatı
Bad Idea AI Logosu
Bad Idea AI Fiyatı(BAD)
$0.00000000168
$0.00000000168$0.00000000168
+0.59%
USD
Bad Idea AI (BAD) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen [email protected] ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

Trump-Backed WLFI Plunges 58% – Buyback Plan Announced to Halt Freefall

Trump-Backed WLFI Plunges 58% – Buyback Plan Announced to Halt Freefall

World Liberty Financial (WLFI), the Trump-linked DeFi project, is scrambling to stop a market collapse after its token lost over 50% of its value in September. On Friday, the project unveiled a full buyback-and-burn program, directing all treasury liquidity fees to absorb selling pressure. According to a governance post on X, the community approved the plan overwhelmingly, with WLFI pledging full transparency for every burn. The urgency of the move reflects WLFI’s steep losses in recent weeks. WLFI is trading Friday at $0.19, down from its September 1 peak of $0.46, according to CoinMarketCap, a 58% drop in less than a month. Weekly losses stand at 12.85%, with a 15.45% decline for the month. This isn’t the project’s first attempt at intervention. Just days after launch, WLFI burned 47 million tokens on September 3 to counter a 31% sell-off, sending the supply to a verified burn address. For World Liberty Financial, the buyback-and-burn program represents both a damage-control measure and a test of community faith. While tokenomics adjustments can provide short-term relief, the project will need to convince investors that WLFI has staying power beyond interventions. WLFI Launches Buyback-and-Burn Plan, Linking Token Scarcity to Platform Growth According to the governance proposal, WLFI will use fees generated from its protocol-owned liquidity (POL) pools on Ethereum, BNB Chain, and Solana to repurchase tokens from the open market. Once bought back, the tokens will be sent to a burn address, permanently removing them from circulation.WLFI Proposal Source: WLFI The project stressed that this system ties supply reduction directly to platform growth. As trading activity rises, more liquidity fees are generated, fueling larger buybacks and burns. This seeks to create a feedback loop where adoption drives scarcity, and scarcity strengthens token value. Importantly, the plan applies only to WLFI’s protocol-controlled liquidity pools. Community and third-party liquidity pools remain unaffected, ensuring the mechanism doesn’t interfere with external ecosystem contributions. In its proposal, the WLFI team argued that the strategy aligns long-term holders with the project’s future by systematically reducing supply and discouraging short-term speculation. Each burn increases the relative stake of committed investors, reinforcing confidence in WLFI’s tokenomics. To bolster credibility, WLFI has pledged full transparency: every buyback and burn will be verifiable on-chain and reported to the community in real time. WLFI Joins Hyperliquid, Jupiter, and Sky as Buyback Craze Spills Into Wall Street WLFI’s decision to adopt a full buyback-and-burn strategy places it among the most ambitious tokenomic models in crypto. While partly a response to its sharp September price decline, the move also reflects a trend of DeFi protocols leveraging revenue streams to cut supply, align incentives, and strengthen token value. Hyperliquid illustrates the model at scale. Nearly all of its platform fees are funneled into automated $HYPE buybacks via its Assistance Fund, creating sustained demand. By mid-2025, more than 20 million tokens had been repurchased, with nearly 30 million held by Q3, worth over $1.5 billion. This consistency both increased scarcity and cemented Hyperliquid’s dominance in decentralized derivatives. Other protocols have adopted variations. Jupiter directs half its fees into $JUP repurchases, locking tokens for three years. Raydium earmarks 12% of fees for $RAY buybacks, already removing 71 million tokens, roughly a quarter of the circulating supply. Burn-based models push further, as seen with Sky, which has spent $75 million since February 2025 to permanently erase $SKY tokens, boosting scarcity and governance influence. But the buyback phenomenon isn’t limited to DeFi. Increasingly, listed companies with crypto treasuries are adopting aggressive repurchase programs, sometimes to offset losses as their digital assets decline. According to a report, at least seven firms, ranging from gaming to biotech, have turned to buybacks, often funded by debt, to prop up falling stock prices. One of the latest is Thumzup Media, a digital advertising company with a growing Web3 footprint. On Thursday, it launched a $10 million share repurchase plan, extending its capital return strategy through 2026, after completing a $1 million program that saw 212,432 shares bought at an average of $4.71. DeFi Development Corp, the first public company built around a Solana-based treasury strategy, also recently expanded its buyback program to $100 million, up from $1 million, making it one of the largest stock repurchase initiatives in the digital asset sector. Together, these cases show how buybacks, whether in tokenomics or equities, are emerging as a key mechanism for stabilizing value and signaling confidence, even as motivations and execution vary widely
Paylaş
CryptoNews2025/09/26 19:12
Son of filmmaker Rob Reiner charged with homicide for death of his parents

Son of filmmaker Rob Reiner charged with homicide for death of his parents

FILE PHOTO: Rob Reiner, director of "The Princess Bride," arrives for a special 25th anniversary viewing of the film during the New York Film Festival in New York
Paylaş
Rappler2025/12/16 09:59
Bitcoin Peak Coming in 45 Days? BTC Price To Reach $150K

Bitcoin Peak Coming in 45 Days? BTC Price To Reach $150K

The post Bitcoin Peak Coming in 45 Days? BTC Price To Reach $150K appeared first on Coinpedia Fintech News Bitcoin has delivered one of its strongest performances in recent months, jumping from September lows of $108K to over $117K today. But while excitement is high, market watchers warn the clock is ticking.  History shows Bitcoin peaks don’t last forever, and analysts now believe the next major top could arrive within just 45 days, with …
Paylaş
CoinPedia2025/09/18 15:49