TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

TCLBANKER is a newly identified Brazilian banking trojan that targets 59 banking, fintech, and cryptocurrency platforms while using advanced anti-analysis and environment-gating techniques to evade detection. It also spreads through hijacked WhatsApp Web sessions and Microsoft Outlook accounts, combining credential theft, remote control, and social engineering to expand its reach.

#TCLBANKER #Maverick #SORVEPOTEL #WaterSaci #WhatsApp #MicrosoftOutlook #LogiAIPromptBuilder

Key points

  • TCLBANKER is a new Brazilian banking trojan targeting 59 financial platforms.
  • The malware uses a signed Logitech installer and DLL side-loading to launch its loader.
  • It includes strong anti-analysis checks, ETW disabling, and environment-based payload decryption.
  • The trojan can steal credentials, control browsers, and perform remote actions through WebSocket.
  • It spreads through WhatsApp Web and Microsoft Outlook to send malicious messages from victim accounts.

Read More: https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html