Eternidade WhatsApp worm-and-stealer activity in Brazil
Malware Activity
Summary
Hide ▲
Show ▼
The Eternidade Trojan is spreading through WhatsApp in Brazil, using trusted contacts to deliver a worm that steals banking credentials.
Related Happenings
Grandoreiro DLL side-loading campaign targeting banks in Portugal
Campaign
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
CampaignAbout this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware ActivityAbout this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
NoVoice Android malware hidden in Google Play apps
Malware Activity
First: 01.04.2026 21:07
Last: 01.04.2026 21:07
Sources 1
About this happening:
**NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...
NoVoice Android malware hidden in Google Play apps
Malware ActivityAbout this happening: **NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...
Augmented Marauder / Water Saci multi-pronged phishing campaign targeting Latin America and Europe
Campaign
First: 01.04.2026 15:36
Last: 01.04.2026 15:36
Sources 1
About this happening:
**Water Saci** is actively evolving a **WhatsApp Web worm** in **Brazil** that uses **HTA** and **PDF** lures to deliver a **banking trojan**. The latest wave shifts from **PowerS...
Augmented Marauder / Water Saci multi-pronged phishing campaign targeting Latin America and Europe
CampaignAbout this happening: **Water Saci** is actively evolving a **WhatsApp Web worm** in **Brazil** that uses **HTA** and **PDF** lures to deliver a **banking trojan**. The latest wave shifts from **PowerS...
SORVEPOTEL WhatsApp malware campaign spreads across Brazil
Campaign
First: 12.03.2026 19:31
Last: 12.03.2026 19:31
Sources 1
About this happening:
A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...
SORVEPOTEL WhatsApp malware campaign spreads across Brazil
CampaignAbout this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...
Timeline
-
20.11.2025 16:00 2 articles · 6mo ago
Eternidade WhatsApp worm-and-stealer campaign in Brazil
Initial DisclosureEternidade is a WhatsApp-spreading Trojan targeting Brazil that combines a worm stage that harvests a victim's WhatsApp contacts and sends personalized Portuguese messages with a stealer stage that checks for Brazilian Portuguese, avoids corporate or sandboxed hosts, and then steals banking credentials from services including Bank of Brazil, Santander, Stripe, Coinbase, Binance, Metamask, and Ledger Live. The malware can also download, upload, and exfiltrate files, capture screenshots, log keystrokes, and switch to a new C2 address through attacker-controlled email, while LevelBlue reports roughly 10,000 infected systems in the malware's command-and-control infrastructure.
Show sources
- WhatsApp 'Eternidade' Trojan Self-Propagates Through Brazil — www.darkreading.com — 20.11.2025 16:00
- WhatsApp 'Eternidade' Trojan Self-Propagates Through Brazil — www.darkreading.com — 20.11.2025 16:00