A vicious WhatsApp worm is sweeping across Brazil, hijacking accounts and spreading like wildfire, delivering a devastating banking trojan that zeros in on cryptocurrency wallets and sensitive financial logins.
Brazilian users are on high alert as cybersecurity experts from Trustwave’s SpiderLabs team expose this sophisticated operation.
The worm is apparently paired with the notorious “Eternidade Stealer” trojan and lurks in innocent-looking messages like fake government aid offers, phony delivery alerts, notes from “friends,” or shady investment scams.
It is pretty much turning the nation’s favorite messaging app into a weapon of digital destruction.
“WhatsApp remains the crown jewel for cybercriminals in Brazil,” warn SpiderLabs researchers Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi.
“Over the past two years, attackers have perfected their playbook, exploiting the app’s massive reach to flood devices with trojans and stealers.”
How Does the WhatsApp Worm Strike?
Misery starts with one fatal click. When victims tap a malicious link in a WhatsApp chat, they welcome the WhatsApp worm in a brutal chain reaction. The worm instantly takes control of the account, raids the contact list, and uses “smart filtering” to skip groups and business chats, focusing particulary on personal connections for maximum spread and minimum suspicion.
At the same time, a hidden file downloads silently, deploying Eternidade Stealer. This predator scans for logins to major Brazilian banks, fintech apps, and top crypto platforms like Binance, Coinbase, MetaMask, and Trust Wallet, siphoning credentials before victims even notice.
What makes this WhatsApp worm nearly unstoppable is the fact that attackers ditch fixed servers for a sneaky Gmail trick. Essentially the malware logs into a pre-hardcoded email account via IMAP to fetch fresh commands.
It falls back to a hidden backup server. “It’s genius-level evasion,” the report states, allowing endless updates without detection.
Brazil’s booming crypto scene makes it ground zero as the country tops Latin America in adoption and ranks fifth globally in Chainalysis’ 2025 Crypto Adoption Index, fueled by widespread use of wallets and exchanges.
Don’t let the WhatsApp worm claim your assets! Experts urge extreme caution like never clicking unsolicited links; even from known contacts. Watch for out-of-context messages with vague urgency and always follow best practices.
