Eternidade Stealer spreads via WhatsApp hijacking, using Python scripts and IMAP-driven C2 updates to target Brazilian users.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Eternidade Stealer, a Delphi-based banking trojan, targets Brazilian users through WhatsApp hijacking and social engineering. The malware uses a Python script (replacing previous PowerShell versions) to automate message spreading via WPPConnect, while employing IMAP to dynamically retrieve C2 addresses from compromised email accounts. The stealer monitors for banking portals, payment services, and cryptocurrency wallets, capturing credentials through overlays and keylogging. The campaign demonstrates hyper-localized targeting with OS language checks and geofencing that restricts C2 access to Brazil and Argentina, while blocked connections get redirected to Google.

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices