WhatsApp Worm Spreads Banking Trojan Across Brazil, Targets Crypto Wallets
The campaign uses a banking trojan called Eternidade Stealer that specifically targets crypto wallets and financial logins across Latin America’s largest digital asset market.
How the Attack Works
The malware spreads through WhatsApp using two main components: a self-replicating worm and a banking trojan. When victims click a malicious link sent via WhatsApp, they trigger an automated sequence that hijacks their account and downloads harmful software in the background.
Trustwave SpiderLabs researchers identified this campaign in November 2025. The researchers noted that threat actors use fake government programs, delivery notifications, and fraudulent investment groups to trick people into clicking malicious links.
The worm component…
