Eternidade Stealer
X @BSCN
BSCN· 2025-11-20 08:14
COMMENT: The malware spreads through a WhatsApp worm that steals contacts and sends infected files to fresh targets.

BSCN (@BSCNews): BRAZIL SOUNDS ALARM ON NEW WHATSAPP CRYPTO MALWARE WAVE
- Brazil’s cybersecurity teams are warning users about a fast-moving malware campaign spreading through WhatsApp.
- The threat stems from a new banking Trojan called Eternidade Stealer, marking one of the sharpest rises in https://t.co/ysrEMnr2NZ ...
X @BSCN
BSCN· 2025-11-20 04:14
Threat Landscape
- Brazil's cybersecurity teams are warning about a fast-moving malware campaign spreading through WhatsApp, marking a sharp rise in cybercrime activity this year [1]
- The threat stems from a new banking Trojan called Eternidade Stealer, utilizing a WhatsApp-propagating worm as its entry point [1]
- The Trojan activates only on systems set to Brazilian Portuguese, targeting banking, fintech, and crypto applications [2]
- Criminal groups are abusing WhatsApp's screen-sharing feature to steal verification codes, hijack accounts, and drain funds, with victims reporting losses reaching six-figure territory [4]

Malware Tactics & Techniques
- The malware uses Python automation to hijack active WhatsApp sessions and send personalized messages [2]
- The worm clones messages, steals contacts, and sends the same infected ZIP file across a victim's network with no human action required [4]
- The stealer gathers system information, checks for antivirus tools, and grabs browser details, monitoring apps tied to major Brazilian banks and crypto services [3]
- Attackers use an IMAP mailbox to pull command-and-control details, providing extra resilience when domains get shut down [3]

Mitigation & Prevention
- Authorities recommend logging out of all sessions, resetting your WhatsApp account, alerting contacts, and scanning devices if compromise is suspected [5]
- Users should avoid installing remote-access tools sent through messages and ignore ZIP files and "urgent" fixes forwarded on WhatsApp [7]
- Enabling two-step verification is recommended for extra account protection [7]
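
The IMAP mailbox lookup listed under Malware Tactics & Techniques suggests one defensive check: workstation processes other than approved mail clients opening IMAP connections. The sketch below is an added example, not taken from the original posts; the log format, host and process names, addresses, and the allowlist are constructed assumptions.

```python
from collections import Counter

IMAP_PORTS = {143, 993}  # IANA-registered ports for IMAP and IMAP over TLS
# Assumption: the only processes this environment expects to speak IMAP.
APPROVED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample records: time, host, process, destination IP, destination port.
SAMPLE_LOG = """\
2025-11-20T08:01:12Z ws-014 outlook.exe 203.0.113.10 993
2025-11-20T08:03:40Z ws-014 chrome.exe 198.51.100.7 443
2025-11-20T08:05:02Z ws-022 python.exe 203.0.113.55 993
2025-11-20T08:20:02Z ws-022 python.exe 203.0.113.55 993
2025-11-20T08:21:30Z ws-031 updater.exe 203.0.113.55 143
malformed line
2025-11-20T08:35:02Z ws-022 python.exe 203.0.113.55 993
"""


def parse(line):
    """Return a record dict, or None when the line does not match the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, host, proc, dst, port = parts
    return {"ts": ts, "host": host, "process": proc.lower(),
            "dst": dst, "port": int(port)}


def unexpected_imap(log_text, approved=APPROVED_MAIL_CLIENTS):
    """Count IMAP connections per (host, process, destination) made by
    processes outside the approved mail-client list, most frequent first."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip unparseable lines instead of failing the run
        if rec["port"] in IMAP_PORTS and rec["process"] not in approved:
            hits[(rec["host"], rec["process"], rec["dst"])] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for (host, proc, dst), count in unexpected_imap(SAMPLE_LOG):
        print(f"{host}: {proc} -> {dst} ({count} IMAP connections)")
```

A hit is a lead for triage, not a verdict: scripts and backup tools legitimately use IMAP, so the allowlist has to reflect the environment.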