Find notable cyber news and cases, enriched with sources, timelines, and signals.

Eternidade Stealer WhatsApp propagation campaign

Campaign
First reported
Last updated
Happening score
H score 42
3 unique sources, 3 articles

Summary

Hide ▲

Eternidade Stealer is a WhatsApp-propagating banking Trojan targeting users in Brazil. The campaign combines social engineering with a WhatsApp hijacking worm and an MSI/AutoIt delivery chain to spread a Delphi-based stealer that injects into svchost.exe. It uses IMAP and a terra.com[.]br mailbox to refresh C2 details, and it focuses on banking, fintech, and crypto apps such as Bradesco, BTG Pactual, MercadoPago, Stripe, Binance, Coinbase, MetaMask, and Trust Wallet.

Related Happenings

WhatsApp VBScript infection chain installing ManageEngine RMM Central

Malware Activity
H score20 First: 23.06.2026 08:38 Last: 23.06.2026 08:38 Sources 1

About this happening: **VBScript attachments** spread through **WhatsApp direct messages** are now driving a **multi-stage Windows infection chain** that can end in remote access to victim systems. The...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

NSO Group WhatsApp spear-phishing campaign

Campaign
H score37 First: 08.06.2026 20:08 Last: 08.06.2026 20:08 Sources 1

About this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...

TA4922 expanded European phishing-and-malware campaign

Campaign
H score40 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922** is a **China-linked** cybercrime campaign that has expanded from **East Asia** into **Europe and Africa**, including **the U.K., Germany, Italy, and South Africa**. The...

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
H score26 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Timeline

  1. 19.11.2025 17:00 3 articles · 7mo ago

    Eternidade Stealer disclosure and technical overview

    Initial Disclosure

    Eternidade Stealer is a newly identified banking Trojan affecting Brazil’s cybercrime ecosystem and using WhatsApp as both an entry point and a propagation channel. The campaign combines an obfuscated VBScript, a Python-written WhatsApp worm, an MSI dropper, and a Delphi-built stealer to automate messaging, steal contacts with wppconnect libraries, harvest financial data, and retrieve fresh command-and-control details from IMAP for resilience against takedowns; it also targets Brazilian Portuguese systems and banking, fintech, and cryptocurrency applications.

    Show sources