Find notable cyber news and cases, enriched with sources, timelines, and signals.

Eternidade Stealer WhatsApp-propagating banking Trojan

Malware Activity
First reported
Last updated
Happening score
H score 30
2 unique sources, 2 articles

Summary

Hide ▲

Eternidade Stealer is a WhatsApp-propagating banking trojan targeting users in Brazil. The campaign combines an obfuscated Visual Basic Script, a Python WhatsApp worm, and an MSI/AutoIt dropper that injects the stealer into svchost.exe using process hollowing. The malware uses IMAP and a terra.com[.]br mailbox to refresh C2 details, and it can steal keystrokes, capture screenshots, and exfiltrate files.

Related Happenings

QuimaRAT cross-platform Java MaaS remote access trojan

Malware Activity
H score29 First: 06.07.2026 11:13 Last: 06.07.2026 11:13 Sources 1

About this happening: A new **QuimaRAT** **MaaS** offering expands cross-platform malware risk by packaging a modular **Java-based RAT** for **Windows, Linux, and macOS**. The activity matters because...

MacOS.Gaslight prompt-injection technique aimed at AI-assisted triage

Technical Analysis
H score23 First: 24.06.2026 17:00 Last: 24.06.2026 17:00 Sources 1

About this happening: **macOS.Gaslight** is a **Rust-based macOS implant and information stealer** assessed with high confidence as the work of **North Korea-aligned threat actors**. The sample uses **...

WhatsApp VBScript infection chain installing ManageEngine RMM Central

Malware Activity
H score20 First: 23.06.2026 08:38 Last: 23.06.2026 08:38 Sources 1

About this happening: **VBScript attachments** spread through **WhatsApp direct messages** are now driving a **multi-stage Windows infection chain** that can end in remote access to victim systems. The...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

NSO Group WhatsApp spear-phishing campaign

Campaign
H score37 First: 08.06.2026 20:08 Last: 08.06.2026 20:08 Sources 1

About this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...

Timeline

  1. 19.11.2025 17:00 3 articles · 7mo ago

    Trustwave SpiderLabs identifies Eternidade Stealer WhatsApp-propagating banking Trojan

    Initial Disclosure

    Trustwave SpiderLabs identifies Eternidade Stealer as a newly observed banking Trojan affecting Brazil’s cybercrime ecosystem, using WhatsApp as both an entry point and a propagation channel. The malware combines a Python-written WhatsApp worm, a Delphi-based stealer and an MSI dropper to harvest financial data, system details and contact lists, while also using hard-coded email credentials to retrieve fresh C2 details from an IMAP mailbox. It targets Brazilian Portuguese systems, checks for banking, fintech and cryptocurrency applications, and focuses on desktop environments, with backend logs showing 454 connection attempts from 38 countries.

    Show sources