Synopsis: A WhatsApp worm combined with the Eternidade Stealer banking trojan targets Brazilian users, hijacking accounts to steal crypto wallet and bank login data via deceptive messages. Vigilance is key to avoid infection and financial loss.
A new cyber threat is rapidly spreading in Brazil, exploiting WhatsApp to hijack accounts and steal access to crypto wallets and bank logins. This malware campaign uses a self-spreading worm combined with a banking trojan known as Eternidade Stealer. Brazilian users should remain alert to avoid falling victim to this cunning attack.
How the Attack Works
The attack begins with a fake message on WhatsApp, appearing as a government alert, delivery update, or invitation from investment groups. When clicked, a worm infects the device, taking over the WhatsApp account and sending itself to contacts.
It smartly avoids business groups, focusing on trusted personal contacts to spread stealthily. At the same time, the Eternidade Stealer trojan installs in the background, scanning for financial data from banks, fintechs, and crypto platforms. This trojan uses deceptive overlays to steal usernames and passwords, capturing everything without triggering suspicion.
Why Brazilian Crypto Users Are at Risk
Brazil leads Latin America in crypto use and ranks fifth globally for adoption in 2025. With WhatsApp deeply embedded in daily life for communication and business, cybercriminals have perfected this platform as an attack vector.
The worm and trojan combo targets major banks, popular fintech services, and global and local crypto wallets. This makes not just active traders but anyone using digital financial apps vulnerable. The scale and sophistication of these hacks show cybercriminals are becoming bolder and more effective in Brazil.
The Eternidade Stealer uses a smart trick to stay hidden and update itself. Instead of a fixed command server, it checks a preset Gmail account to receive commands. This method helps hackers evade network detection and continue the attack even if some controls try to block the malware. If email access fails, the trojan switches to a fallback server, ensuring it remains active and dangerous.
How to Protect Yourself
Users should never click on unexpected links, even if they come from known contacts. Confirm suspicious messages by reaching out to the sender through another app or call. Regularly update WhatsApp and the operating system to patch vulnerabilities. Enable two-step verification on WhatsApp and use strong, unique passwords for all financial apps.
Installing antivirus software can also help detect threats early. If hacked, immediately freeze all bank and crypto accounts to prevent loss. Tracking stolen funds can sometimes help authorities intercept hacker wallets.
This WhatsApp worm reminds us that even trusted platforms can hide serious risks. Staying cautious and spreading awareness within networks can help curb this growing threat. Your vigilance is the first line of defense against losing control of your crypto and bank accounts.
Written By Fazal Ul Vahab C H
