Eternidade Stealer WhatsApp-propagating banking Trojan
Malware Activity
Summary
Eternidade Stealer is a WhatsApp-propagating banking trojan targeting users in Brazil. The campaign combines an obfuscated Visual Basic Script, a Python WhatsApp worm, and an MSI/AutoIt dropper that injects the stealer into svchost.exe using process hollowing. The malware uses IMAP and a terra.com[.]br mailbox to refresh C2 details, and it can steal keystrokes, capture screenshots, and exfiltrate files.
Related Happenings
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBanker self-spreading banking trojan
Malware Activity
First: 08.05.2026 01:06
Last: 08.05.2026 01:06
Sources 1
About this happening:
The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Augmented Marauder / Water Saci multi-pronged phishing campaign targeting Latin America and Europe
Campaign
First: 01.04.2026 15:36
Last: 01.04.2026 15:36
Sources 1
About this happening:
**Water Saci** is actively evolving a **WhatsApp Web worm** in **Brazil** that uses **HTA** and **PDF** lures to deliver a **banking trojan**. The latest wave shifts from **PowerS...
Perseus Android malware family actively distributed in the wild
Malware Activity
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Timeline
- 19.11.2025 17:00 · 3 articles · 6mo ago
Trustwave SpiderLabs identifies Eternidade Stealer WhatsApp-propagating banking Trojan
Initial Disclosure
Trustwave SpiderLabs identifies Eternidade Stealer as a newly observed banking Trojan affecting Brazil’s cybercrime ecosystem, using WhatsApp as both an entry point and a propagation channel. The malware combines a Python-written WhatsApp worm, a Delphi-based stealer and an MSI dropper to harvest financial data, system details and contact lists, while also using hard-coded email credentials to retrieve fresh C2 details from an IMAP mailbox. It targets Brazilian Portuguese systems, checks for banking, fintech and cryptocurrency applications, and focuses on desktop environments, with backend logs showing 454 connection attempts from 38 countries.
Sources:
- Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime — www.infosecurity-magazine.com — 19.11.2025 17:00
- Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices — thehackernews.com — 19.11.2025 17:35