Cybersecurity researchers say hackers are manipulating WhatsApp to steal people’s banking credentials.
The researchers have discovered a banking trojan affecting people who use WhatsApp Web.
The malware infects Windows computers when victims open malicious ZIP files received in messages.
This triggers a script that downloads the main payload, which then takes unauthorized control of the victim’s WhatsApp Web session on the infected machine, allowing it to harvest contacts and send malicious files to them without breaching WhatsApp’s servers.
The payload deploys two distinct modules that run in parallel: a classic banking trojan for stealing credentials and a separate module that transforms the infected machine into a self-spreading worm.
Named “Boto Cor-de-Rosa” by Acronis Threat Research Unit, the campaign is initially targeting Brazilians, using culturally tailored Portuguese messages like “Bom dia” to lure clicks.
Once installed, the Delphi-based trojan steals credentials from banking sites.
Users should avoid unknown attachments and enable multi-factor authentication.
