Critical Risk: WhatsApp Worm Spreads Automatically to Crypto Wallet Users in Brazil
A new and highly aggressive strain of malware is leveraging the widespread use of WhatsApp Web in Brazil to conduct high-speed attacks aimed at stealing cryptocurrency and banking information. The threat is called Eternidade Stealer (related to the Maverick trojan) and employs a self-replicating worm to infect Windows desktop users at an alarming rate.
The Attack Vector
The attack begins with a social engineering lure. The victim receives a WhatsApp message, either from one of their own contacts whose account has already been compromised or from an unknown number, carrying a ZIP file that must be opened on a desktop computer for the later stages to run.
Once run, "the script hijacks the active WhatsApp Web session," stealing "the victim's entire contact list" and "automatically spams the same malicious attachment to all contacts," thus forming "a devastating self-sustaining worm."
Potential Attacks: “The Malware Attack”
Targeting Crypto Assets
The final payload is named Eternidade Stealer and is designed specifically to steal funds. It first performs a geofencing check to confirm it is within a Brazilian Portuguese-speaking region before unleashing its payload. It also constantly monitors active windows and processes for strings associated with major cryptocurrency exchanges.
Confirmed targets include cryptocurrency exchanges and software wallets such as:
Binance
Coinbase
MetaMask
Trust Wallet
When a targeted crypto app is launched, the malware uses "overlay-stealer" tactics or credential-harvesting techniques to steal private keys, passwords, and two-factor verification codes. This represents a dangerous evolution in local cybercriminal activity, as social trust is being exploited for large-scale automated crypto-draining schemes.
Defensive Action
Crypto users, especially those whose operations are based in Brazil, should be very careful.
1) Do not open unexpected ZIP or LNK files received through WhatsApp, even if they come from someone you know.
2) Always use hardware wallets to store your crypto assets safely.
3) Enable Two-Factor Authentication (2FA) for your crypto exchange accounts.
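To support step 1, the following added example (not from the original article or from any vendor tooling) lists the contents of a received ZIP in memory, without extracting it, and flags shortcut and script entries, including those hidden in nested archives. Only `.lnk` comes from the article; the other extensions, the depth and size limits, and the sample file names are assumptions chosen for illustration.

```python
import io
import zipfile

# ".lnk" is the type named in the article; the remaining extensions are an
# assumption added here (common script/executable types), not from the article.
RISKY_EXTENSIONS = {".lnk", ".vbs", ".js", ".bat", ".cmd", ".ps1", ".exe", ".msi", ".hta"}
MAX_DEPTH = 3                         # assumed limit on nested-archive recursion
MAX_NESTED_BYTES = 20 * 1024 * 1024   # assumed cap before reading a nested ZIP


def risky_entries(zip_bytes, depth=0, prefix=""):
    """Return names of risky archive members; nothing is written to disk."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable archive>"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Windows ignores trailing dots/spaces, so strip them before matching.
            lower = name.lower().rstrip(". ")
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            if ext in RISKY_EXTENSIONS:
                findings.append(prefix + name)
            elif ext == ".zip":
                too_deep = depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES
                if too_deep or info.flag_bits & 0x1:  # bit 0 set = encrypted
                    findings.append(prefix + name + " <nested archive not inspected>")
                else:
                    findings += risky_entries(archive.read(info), depth + 1, prefix + name + "!")
    return findings


def build_sample():
    """Constructed sample: harmless text file plus a nested ZIP holding a shortcut."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Comprovante.pdf.lnk", b"placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("leia-me.txt", b"placeholder")
        z.writestr("docs/anexo.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for hit in risky_entries(build_sample()):
        print("flag:", hit)
```

An empty result only means no listed extension was found; it does not establish that an archive is safe to open.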
© 2025 BTC Now — All Rights Reserved.