Maverick WhatsApp Web banking malware targeting Brazil
Malware Activity
Summary
Hide ▲
Show ▼
The Maverick banking malware is actively spreading through WhatsApp Web, increasing the risk of credential theft and contact-list abuse across Brazilian victims. It uses a self-propagating delivery chain to move from infected accounts to new targets and focus on banking URLs. The activity matters because the malware combines propagation, browser-session hijacking, and phishing in a single operation.
Related Happenings
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware ActivityAbout this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBanker self-spreading banking trojan
Malware Activity
First: 08.05.2026 01:06
Last: 08.05.2026 01:06
Sources 1
About this happening:
The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
TCLBanker self-spreading banking trojan
Malware ActivityAbout this happening: The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
JanelaRAT malware activity targeting Latin American banks
Malware Activity
First: 13.04.2026 20:15
Last: 13.04.2026 20:15
Sources 1
About this happening:
**JanelaRAT** continues targeting **Latin American banks and financial institutions**, with telemetry showing **14,739 attacks in Brazil** in **2025** and **11,695 in Mexico**, ra...
JanelaRAT malware activity targeting Latin American banks
Malware ActivityAbout this happening: **JanelaRAT** continues targeting **Latin American banks and financial institutions**, with telemetry showing **14,739 attacks in Brazil** in **2025** and **11,695 in Mexico**, ra...
Storm infostealer server-side decryption activity
Malware Activity
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...
Storm infostealer server-side decryption activity
Malware ActivityAbout this happening: The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware ActivityAbout this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Timeline
-
11.11.2025 20:37 2 articles · 6mo ago
Maverick WhatsApp Web banking malware targets Brazil
Initial DisclosureCyberProof, Trend Micro, Sophos, and Kaspersky described Maverick as a WhatsApp Web-propagated banking trojan linked to Water Saci, with code and behavior overlapping Coyote. The malware targets Brazilian users and banks, monitors banking URLs, delivers payloads through a ZIP archive and a Windows shortcut (LNK) that launches cmd.exe or PowerShell to fetch content from zapgrande[.]com, and can disable Microsoft Defender Antivirus and UAC; CyberProof also saw targeting of hotels in Brazil, while Trend Micro described SORVEPOTEL, an email-based C2 path, and remote pause/resume control.
Show sources
- WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks — thehackernews.com — 11.11.2025 20:37
- WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks — thehackernews.com — 11.11.2025 20:37