Cyber threat actors exploit WhatsApp Web and email vulnerabilities to spread banking malware targeting Brazilian users. The campaigns involve sophisticated techniques, code overlaps, and remote command-and-control systems linked to the Water Saci and Coyote threats. #WaterSaci #Coyote #BrazilianBanks
Key points
- Water Saci and Coyote malware target Brazilian banking institutions and are written in .NET.
- The campaigns utilize WhatsApp Web hijacking and email-based C2 infrastructure for distribution and control.
- The malware can disable security tools, prepare system info, and steal credentials through remote commands.
- Water Saci spreads via ZIP archives containing malicious scripts that manipulate WhatsApp Web sessions.
- The attacks demonstrate a regional focus, sophisticated evasion tactics, and evolution from traditional payloads to messaging platform exploitation.
Read More: https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html