Emerging Threats: Cybersecurity Risks Targeting Crypto Users

Brazilian crypto holders are being warned about a sophisticated hacking campaign that targets their wallets and bank accounts via WhatsApp messages. According to a report from Trustwave's SpiderLabs, a banking trojan called Eternidade Stealer is being disseminated through social engineering tactics on WhatsApp, exploiting fake government programs, delivery notifications, and messages from friends or fraudulent investment groups. The report highlights that WhatsApp remains a key communication channel in Brazil's cybercrime landscape, with threat actors refining their tactics over the past two years to distribute banker trojans and information-stealing malware.

The attack process is initiated when a victim clicks on a worm link sent through WhatsApp. This action triggers a dual infection: both the worm and the banking trojan. The worm hijacks the victim's WhatsApp account, accessing their contact list while employing smart filtering to focus on individual contacts rather than business connections, thereby enhancing its efficiency. Meanwhile, the Eternidade Stealer trojan is automatically downloaded to the victim's device, where it operates in the background to scan for sensitive financial data, including logins to various Brazilian banks, fintech platforms, and crypto exchanges.

One of the distinctive features of this malware is its ability to evade detection. Rather than relying on a fixed server address, the malware connects to a pre-set Gmail account to receive new commands via email. This allows hackers to update their command and control infrastructure dynamically. Moreover, if the malware cannot connect to the email account, it resorts to a hardcoded fallback command and control address.

Brazil is notable for its high level of cryptocurrency adoption, ranking as the largest country for crypto in Latin America and fifth in Chainalysis's 2025 Global Crypto Adoption Index. Given this context, the risks posed by such malware are significant. To protect themselves, users of apps like WhatsApp are advised to be cautious about clicking links, even if they appear to come from trusted contacts. It is recommended to verify suspicious links through a different messaging app. Users should also ensure their software is up to date and consider using antivirus software to detect potential threats. In the event of an attack, it is crucial to freeze access to banking and crypto services immediately and to track any stolen funds, which could aid exchanges and authorities in recovering assets.

Overall, the emergence of the Eternidade Stealer trojan highlights the pressing need for enhanced security measures and user awareness in the cryptocurrency sector, particularly in regions with high crypto adoption like Brazil.