Skip to content
- Brazil’s crypto market is being targeted by cybercriminals using WhatsApp to spread malware.
- Eternidade Stealer malware hijacks WhatsApp, steals login credentials, and spreads via contacts.
- Cybercriminals exploit social engineering techniques to deceive victims with fake investment schemes.
Cybercriminals in Brazil are exploiting WhatsApp to distribute a dangerous malware campaign targeting crypto wallets and banking data. Trustwave’s SpiderLabs discovered the campaign, which uses the Eternidade Stealer, a two-stage worm and banking trojan. The malware silently steals financial information, login credentials, and other sensitive data from victims’ devices, posing significant risks to users.
The attack will begin with social engineering techniques. Cybercriminals use WhatsApp messages to send deceptive messages about government programs, delivery notices, and fraudulent investment offers.
A worm is triggered by manipulating the victim to click an infected link. The worm steals the WhatsApp account of the victim and installs an Msi file that delivers the Eternidade Stealer.
Eternidade Stealer Targets Financial Apps
After installation, the Eternidade Stealer performs a scan of the device for financial apps, such as popular crypto wallets and banking services, such as Bradesco, Binance, Coinbase, MetaMask, and Trust Wallet.
The malware classifies financial apps based on the fishy window title or process name of these apps. Upon the match, it triggers its payload and robs secured data like log-in data and keys.
One of the worrying aspects of the worm is that it can get into the contact book of the target. This enables the malware to infect other possible victims. The worm can infect more individuals by using the WhatsApp contacts.
The malware circumvents detection by hardcoded Gmail credentials to download instructions via an inbox with the attacker controlling it. It transfers through IMAP with the help of an encrypted version of the SSL algorithm that enables the program to act as ordinary email and avoid network-based email addresses.
Also Read: Ondo Global Markets Expands Tokenized US Stocks and ETFs Across Europe
Brazil’s Crypto Boom Attracts More Cybercriminals and Fraudulent Schemes
Brazil has one of the fastest-evolving cryptocurrency markets; therefore, it is a perfect target of such an attack. It has become Latin America’s largest crypto market by volume and the fifth largest in the Chainalysis Global Crypto Adoption Index.
Source: Chainalysis
The increase in cryptocurrency use also increases the number of scams and attacks targeting novice users. This growing popularity of digital currencies is being exploited by cybercriminals.
Trustwave experts have advised Brazilian cryptocurrency users to be wary of the internet, particularly when using WhatsApp. The platform is now used as a widely used tool to propagate malware using the social engineering technique.
Users are not to follow suspicious links or be suspicious of unsolicited messages and especially should be aware of fraudulent investments or government initiatives.
The crypto market in Brazil is not declining, so bad actors will probably increase their activity. Professionals specializing in cybersecurity advise people to follow high-quality security measures, two-factor authentication, and frequent checking of their accounts. With the emergence of new threats, it is very important to remain alert in order to protect personal and financial information.
Also Read: CEA Industries Expands BNB Holdings to Over $13M Amid Cryptocurrency Decline
