Recent research by the SpiderLabs cybersecurity team has detected a dangerous WhatsApp worm in Brazil designed to hijack accounts and empty digital wallets. This malicious software, identified as “Eternidade Stealer,” uses advanced social engineering techniques to deceive victims via fake messages about government programs or delivery notifications. Researchers Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi warn that threat actors have refined their tactics to exploit the immense popularity of this messaging platform.
The attack begins when the user clicks on fraudulent links, triggering a dual infection that severely compromises the mobile device. On one hand, the worm component takes control of the account and applies smart filtering to ignore business contacts, focusing exclusively on individuals to maximize the spread of the virus among friends and family. Simultaneously, the banking trojan downloads and installs in the background, actively scanning the system for login credentials to local banks, fintechs, and digital asset exchange platforms.
How does this malware manage to evade traditional security systems and remain hidden?
What makes this threat particularly persistent is its ability to elude detection by using pre-set email accounts to receive commands. Unlike malware that relies on fixed servers, this malicious software logs in to Gmail accounts with hardcoded credentials and reads its control server address from the mailbox, so its operational instructions can be updated at any time. Attackers can therefore change orders simply by sending a new email, which greatly hinders shutdown or network-level blocking by authorities.
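A defender-side check for this command channel, added here as an example and not taken from the SpiderLabs research: a stealer that polls a webmail inbox for instructions shows up as a non-mail process repeatedly connecting to IMAP/SMTP endpoints. The log format, host and process names, and the allowlist of legitimate mail clients are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed, simplified endpoint connection log (assumed format:
# "<timestamp> host=<name> proc=<process> dst=<host>:<port>"); not real telemetry.
LOG_LINES = """\
2024-01-01T10:00:01 host=ws01 proc=mailclient dst=imap.gmail.com:993
2024-01-01T10:00:05 host=ws01 proc=updater dst=imap.gmail.com:993
2024-01-01T10:01:05 host=ws01 proc=updater dst=imap.gmail.com:993
2024-01-01T10:02:05 host=ws01 proc=updater dst=imap.gmail.com:993
2024-01-01T10:02:30 host=ws02 proc=browser dst=www.example.com:443
2024-01-01T10:03:00 host=ws02 proc=svc dst=smtp.gmail.com:465
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>[^:]+):(?P<port>\d+)$"
)
MAIL_PROCS = {"mailclient"}  # assumed allowlist of processes expected to talk to mail servers
MAIL_HOSTS = {"imap.gmail.com", "smtp.gmail.com"}
MAIL_PORTS = {993, 465, 587}


def parse(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def find_mailbox_c2_candidates(lines, min_hits=1):
    """Return {(host, proc): count} for non-mail processes reaching webmail IMAP/SMTP endpoints.
    Repeated polling (count >= min_hits) is the signal: something is fetching instructions
    from an inbox rather than sending or reading mail for a user."""
    hits = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["dst"] in MAIL_HOSTS and rec["port"] in MAIL_PORTS and rec["proc"] not in MAIL_PROCS:
            hits[(rec["host"], rec["proc"])] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for (host, proc), n in find_mailbox_c2_candidates(LOG_LINES, min_hits=2).items():
        print(f"{host}: {proc} polled a mailbox endpoint {n} times")
```

Raising `min_hits` trades sensitivity for fewer alerts from one-off legitimate connections; the allowlist should be populated from your own inventory of sanctioned mail clients.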
On the other hand, the proliferation of this type of attack underscores the vulnerability of users in a region that leads in technology adoption. Because transactions on a blockchain are immutable, the theft of private keys or credentials results in irreversible financial losses for unsuspecting investors. The community must therefore understand that mass messaging apps have become the preferred attack vector, which demands constant vigilance regarding any link received, even one that apparently comes from a trusted contact in the address book.
To mitigate these growing risks, experts suggest rigorously verifying the authenticity of links through an alternative channel before interacting with them. Furthermore, keeping the operating system updated and using antivirus software can offer a vital additional layer of defense against these sophisticated intrusions. Likewise, if an infection is suspected, it is crucial to immediately freeze all financial access, as the speed of response determines whether compromised assets can be saved before they are transferred.
