A cryptographic data-stealing worm attack spread via WhatsApp has emerged in Brazil.

According to a report by Cointelegraph, hackers in Brazil are spreading a worm-banking trojan combination via WhatsApp, delivering "Eternidade Stealer" to steal login information from crypto wallets and financial accounts. The worm hijacks accounts and intelligently filters groups and business contacts, spreading only to personal contacts; the trojan automatically downloads and runs, scanning local financial data and logging into multiple banks, exchanges, and wallets. This malware uses a pre-set Gmail account to obtain and update C2 commands, reverting to a hard-coded C2 response when a connection fails to connect, thus maintaining persistence and evading shutdown. The security team SpiderLabs advises caution when clicking on unfamiliar or suspicious links, and to immediately freeze access to banks and crypto services if compromised.