This report details a new cyber campaign that targets Brazilian users and distributes the Eternidade Stealer banking trojan over WhatsApp. The campaign combines social engineering, WhatsApp hijacking, and Delphi-based malware, with some global indicators of activity. #EternidadeStealer #WaterSaci #WhatsAppHijacking #DelphiMalware
Key points
- The campaign targets Brazilian users using social engineering and WhatsApp hijacking to distribute malware.
- The malware uses a Python script leveraging WPPConnect to automate messaging and contact harvesting.
- It employs an MSI installer and AutoIt scripts to verify system language and profile hardware, then injects the Eternidade Stealer payload.
- The Delphi-based malware searches for banking, payment, and cryptocurrency-related strings to steal credentials.
- The attackers maintain persistence by connecting to a C2 server, which they update via email or embedded fallback addresses.
Read More: https://thehackernews.com/2025/11/python-based-whatsapp-worm-spreads.html