Eternidade Stealer, a worm and banking trojan, is targeting Brazilian crypto holders through WhatsApp.
Brazilian crypto holders are being targeted by a hijacking worm and banking trojan spread through WhatsApp.
The malicious messages may appear as “fake government programs” or even come from a friend, so users should stay alert and avoid clicking suspicious links.
Rise in WhatsApp Scams Threatens Brazil’s Crypto Community
SpiderLabs, the cybersecurity research team of Trustwave, released a report detailing the operation of the banking trojan dubbed “Eternidade Stealer.”
The report states that the banking trojan is being spread via social engineering on messaging apps, especially WhatsApp. It appears as fake government programs, delivery notifications, messages from friends, or fraudulent investment groups.
When a crypto user clicks the worm link on WhatsApp, they set off a chain reaction that infects them with both the worm and the banking trojan.
Once the file is downloaded, it scans a user’s device for financial data, which it uses to siphon their crypto assets. As a result, Brazilian crypto holders have been advised to remain vigilant, avoiding suspicious links at all costs.
Over the last few months, there has been a notable increase in the volume of exploits, hacks, and scams within the crypto space.
SpiderLabs researchers noted that “WhatsApp continues to be one of the most exploited communication channels in Brazil’s cybercrime ecosystem.”
Crypto Hackers Leverage Sophisticated Tactics
In their report, Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi explained further how these bad actors have refined their exploitation tactics over the last two years.
Their use of WhatsApp to distribute banking trojans and information-stealing malware stems from the platform’s immense popularity among residents of the country.
Other experts would agree that cybercriminals have switched to more sophisticated tactics over the years.
ZachXBT, an onchain investigator, identified a bad actor who siphoned $3 million in digital assets from a US citizen.
The attacker then swapped the stolen funds via Bridgers and went as far as using over-the-counter (OTC) venues tied to Huione to launder the assets.
On September 12, the Shibarium bridge was hacked, and the perpetrators made off with more than $4 million in crypto assets.
The attack leveraged a flash loan, which helped in compromising validator signing keys, giving the hacker access and control over the protocol.
Overall, the Shibarium bridge hacker siphoned up to 4.6 million BONE.