Particle.news

Sorvepotel Malware Spreads in Brazil via WhatsApp Web Auto-Forwarding

Trend Micro reports hundreds of Windows infections in the country targeting banking credentials.

Overview

  • The campaign relies on ZIP attachments or links that trigger Windows shortcut files and scripts to install the malware and establish persistence.
  • Once on a PC with an active WhatsApp Web session, the malware automatically sends the malicious file to the victim’s contacts and groups, which can lead to account bans for spam.
  • Trend Micro has logged 477 infections to date, 457 in Brazil, with indicators such as language and locale checks pointing to a Brazil-focused operation.
  • Researchers say the malware can spy on browser activity and display fake banking interfaces, with configurations tied to major Brazilian banks and cryptocurrency platforms.
  • Security guidance highlights disabling automatic media downloads, keeping systems updated, limiting file transfers on corporate machines, and logging out of WhatsApp Web when not in use, while WhatsApp issued general safety reminders.
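A triage check for the delivery method in the first bullet, as an added example that is not from Trend Micro or the original article: it lists Windows shortcut and script members inside a ZIP, including nested ZIPs, so a file-transfer or mail gateway can quarantine the archive. The extension sets, size limits, function names and sample archive are assumptions constructed for this illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta"}  # assumed list
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_DEPTH, MAX_NESTED = 2, 20 * 1024 * 1024  # nested levels to open; size cap


def scan_zip(data, depth=0, prefix=""):
    """Return [(member_path, reason)] for risky members of a ZIP given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<archive>", "unreadable-zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            exts = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = exts[-1] if exts else ""
            if last == ".lnk":
                # Explorer hides ".lnk", so "invoice.pdf.lnk" displays as a PDF.
                decoy = len(exts) > 1 and exts[-2] in DECOY_EXTS
                findings.append((path, "shortcut-decoy-name" if decoy else "shortcut"))
            elif last in SCRIPT_EXTS:
                findings.append((path, "script"))
            elif last == ".zip":
                if info.flag_bits & 0x1:  # encrypted member: cannot inspect
                    findings.append((path, "encrypted-nested-zip"))
                elif depth < MAX_DEPTH and info.file_size <= MAX_NESTED:
                    findings += scan_zip(archive.read(info), depth + 1, path + "!")
    return findings


def build_sample():  # constructed archive, placeholder bytes only
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("docs/invoice.pdf.lnk", b"constructed placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"benign")
        z.writestr("run.bat", b"rem constructed placeholder")
        z.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

An empty result means no shortcut or script member was found by name; it is not a verdict on the file contents.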