Find notable cyber news and cases, enriched with sources, timelines, and signals.

Eternidade WhatsApp worm-and-stealer activity in Brazil

Malware Activity
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

The Eternidade Trojan is spreading through WhatsApp in Brazil, using trusted contacts to deliver a worm that steals banking credentials.

Related Happenings

WhatsApp VBScript infection chain installing ManageEngine RMM Central

Malware Activity
H score20 First: 23.06.2026 08:38 Last: 23.06.2026 08:38 Sources 1

About this happening: **VBScript attachments** spread through **WhatsApp direct messages** are now driving a **multi-stage Windows infection chain** that can end in remote access to victim systems. The...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

NSO Group WhatsApp spear-phishing campaign

Campaign
H score37 First: 08.06.2026 20:08 Last: 08.06.2026 20:08 Sources 1

About this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...

TA4922 expanded European phishing-and-malware campaign

Campaign
H score40 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922** is a **China-linked** cybercrime campaign that has expanded from **East Asia** into **Europe and Africa**, including **the U.K., Germany, Italy, and South Africa**. The...

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
H score26 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Timeline

  1. 20.11.2025 16:00 2 articles · 7mo ago

    Eternidade WhatsApp worm-and-stealer campaign in Brazil

    Initial Disclosure

    Eternidade is a WhatsApp-spreading Trojan targeting Brazil that combines a worm stage that harvests a victim's WhatsApp contacts and sends personalized Portuguese messages with a stealer stage that checks for Brazilian Portuguese, avoids corporate or sandboxed hosts, and then steals banking credentials from services including Bank of Brazil, Santander, Stripe, Coinbase, Binance, Metamask, and Ledger Live. The malware can also download, upload, and exfiltrate files, capture screenshots, log keystrokes, and switch to a new C2 address through attacker-controlled email, while LevelBlue reports roughly 10,000 infected systems in the malware's command-and-control infrastructure.

    Show sources