Eternidade Stealer Malware via WhatsApp

Source: Cyber Security News

Eternidade Stealer is a sophisticated banking trojan identified by Trustwave SpiderLabs, notable for infection techniques that rely on WhatsApp. The trojan itself is written in Delphi. The infection begins with an obfuscated VBScript that installs a Python-based worm and an MSI installer for the trojan, capitalizing on the trust associated with WhatsApp messages. The trojan specifically targets Brazilian users, checking the operating system language before executing to avoid detection and accidental activation.

The core function of Eternidade Stealer is harvesting WhatsApp contact lists while filtering out business-related entries. Stolen contact data is sent to command-and-control servers without user interaction, enabling immediate exploitation. The trojan also features dual-layer persistence, allowing it to retrieve commands via an IMAP connection to a compromised email account, which keeps the malware in contact with its operators. The campaign impacts over 40 Brazilian financial institutions and payment services, and indicates an attack strategy that extends beyond Brazil.
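A hunting check for the IMAP command channel described above, as an added example that is not from Trustwave SpiderLabs or the original article: it flags IMAP/IMAPS connections made by processes outside a mail-client allowlist. The field names follow Sysmon network-connection records; the allowlist, paths, hosts and addresses are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

IMAP_PORTS = {143, 993}  # standard IMAP and IMAP-over-TLS ports
# Assumption: mail clients approved in this environment; tune locally.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: directories a standard user can write to, where a trusted
# file name proves nothing about the binary.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed sample events shaped like Sysmon Event ID 3 records.
SAMPLE_EVENTS = [
    {"host": "WS-01", "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationIp": "198.51.100.10", "DestinationPort": 993},
    {"host": "WS-02", "Image": r"C:\Users\ana\AppData\Roaming\svc\updater.exe",
     "DestinationIp": "203.0.113.25", "DestinationPort": 993},
    {"host": "WS-02", "Image": r"C:\Users\ana\AppData\Roaming\svc\updater.exe",
     "DestinationIp": "203.0.113.25", "DestinationPort": "993"},
    {"host": "WS-03", "Image": r"C:\Users\rui\AppData\Local\Temp\outlook.exe",
     "DestinationIp": "203.0.113.25", "DestinationPort": 143},
    {"host": "WS-01", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "192.0.2.7", "DestinationPort": 443},
    {"host": "WS-04", "Image": "x.exe", "DestinationPort": "n/a"},  # malformed
]

def find_imap_outliers(events, allowed=MAIL_CLIENTS):
    """Map (host, image) -> sorted IMAP destinations for non-allowlisted images."""
    hits = defaultdict(set)
    for ev in events:
        try:
            port = int(ev["DestinationPort"])
            image = ev["Image"]
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed records instead of aborting the hunt
        if port not in IMAP_PORTS:
            continue
        name = PureWindowsPath(image).name.lower()
        masquerade = any(m in image.lower() for m in USER_WRITABLE)
        # An allowlisted name only counts when it runs from a protected path.
        if name in allowed and not masquerade:
            continue
        hits[(ev.get("host", "?"), image)].add(f"{ev.get('DestinationIp', '?')}:{port}")
    return {key: sorted(dests) for key, dests in hits.items()}

if __name__ == "__main__":
    for (host, image), dests in find_imap_outliers(SAMPLE_EVENTS).items():
        print(f"{host}  {image}  ->  {', '.join(dests)}")
```

Hits from this check are leads for triage, since backup agents and scripted mailbox tools also speak IMAP and belong on the allowlist once verified.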

Investigation into its operation revealed significant global connection attempts, suggesting threats could extend beyond Brazilian borders. The methodical design and specific targeting strategies underline the evolving sophistication of cybercriminal activities within the region, posing substantial risks to individuals and organizations alike.

👉 Read the original: Cyber Security News