Water Saci is evolving its malware delivery techniques by utilizing a layered infection chain involving HTML Applications and PDFs, primarily targeting Brazilian users through WhatsApp with sophisticated social engineering. The campaign also includes the use of AI to convert scripts from PowerShell to Python, increasing its stealth and resilience, while a new NFC relay Android malware named RelayNFC is targeting contactless payments in Brazil.
Key points
- Water Saci’s attack chain uses HTA files and PDFs to infect users via WhatsApp in Brazil.
- The malware has shifted from PowerShell to a Python-based variant for faster, more resilient infection delivery.
- The banking trojan monitors targeted banking apps and cryptocurrency platforms for credential theft.
- Water Saci appears to have used AI tools to assist in script conversion and malware automation.
- RelayNFC Android malware employs NFC relay attacks to siphon payment data from contactless cards.
Read More: https://thehackernews.com/2025/12/brazil-hit-by-banking-trojan-spread-via.html