Find notable cyber news and cases, enriched with sources, timelines, and signals.

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

TCLBANKER is a newly documented Brazilian banking trojan that can hit 59 banking, fintech, and cryptocurrency platforms, increasing the risk of credential theft and remote control. The malware uses a ZIP-delivered MSI, DLL side-loading, and aggressive anti-analysis checks to hide its payload. It also spreads through WhatsApp Web and Microsoft Outlook, extending the infection beyond the first victim.

Related Happenings

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
H score23 First: 24.06.2026 23:58 Last: 24.06.2026 23:58 Sources 1

About this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...

WhatsApp VBScript infection chain installing ManageEngine RMM Central

Malware Activity
H score20 First: 23.06.2026 08:38 Last: 23.06.2026 08:38 Sources 1

About this happening: **VBScript attachments** spread through **WhatsApp direct messages** are now driving a **multi-stage Windows infection chain** that can end in remote access to victim systems. The...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

Sefirah infostealer delivered through a malicious Hugging Face repository

Malware Activity
H score16 First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...

TCLBanker self-spreading banking trojan

Malware Activity
H score31 First: 08.05.2026 01:06 Last: 08.05.2026 01:06 Sources 1

About this happening: The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...

Timeline

  1. 08.05.2026 21:12 2 articles · 2mo ago

    TCLBANKER malware disclosure

    Initial Disclosure

    Elastic Security Labs identified TCLBANKER as a previously undocumented Brazilian banking trojan targeting 59 banking, fintech, and cryptocurrency platforms. The malware chain uses a malicious MSI inside a ZIP file, abuses a signed Logitech program for DLL side-loading, and propagates through WhatsApp Web and Microsoft Outlook while focusing on Brazilian Portuguese systems.

    Show sources