TCLBanker is a new banking trojan that targets 59 banking, fintech, and cryptocurrency platforms and infects systems through a trojanized MSI installer for Logitech AI Prompt Builder. It also includes self-spreading worm modules for WhatsApp and Outlook. Elastic Security Labs says it may represent a major evolution of the Maverick/Sorvepotel family.
Key points
- TCLBanker targets 59 banking, fintech, and cryptocurrency platforms.
- It spreads through a trojanized MSI installer for Logitech AI Prompt Builder.
- The malware uses DLL side-loading and strong anti-analysis defenses.
- Its operators can steal data, control sessions, and display fake overlays.
- Worm modules abuse WhatsApp and Outlook to infect new victims automatically.