Eternidade Stealer, a Delphi-based banking trojan, targets Brazilian users through WhatsApp hijacking and social engineering. The malware uses a Python script (replacing previous PowerShell versions) to automate message spreading via WPPConnect, while employing IMAP to dynamically retrieve C2 addresses from compromised email accounts. The stealer monitors for banking portals, payment services, and cryptocurrency wallets, capturing credentials through overlays and keylogging. The campaign demonstrates hyper-localized targeting with OS language checks and geofencing that restricts C2 access to Brazil and Argentina, while blocked connections get redirected to Google.
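A defender-side check for the IMAP-based C2 lookup described above, as an added example that is not part of the original page: it flags IMAP/IMAPS connections made by processes other than approved mail clients. The CSV schema, sample events, allowlist and path heuristics are constructed assumptions to adapt to your own telemetry.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed process-level network events (hypothetical CSV export schema).
SAMPLE_EVENTS = """\
timestamp,host,image,dest_host,dest_port
2025-01-01T10:00:01Z,WS-01,C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE,mail.example.com,993
2025-01-01T10:02:14Z,WS-02,C:\\Users\\ana\\AppData\\Roaming\\svc\\updater.exe,imap.example.net,993
2025-01-01T10:02:20Z,WS-02,C:\\Users\\ana\\AppData\\Roaming\\svc\\updater.exe,www.example.org,443
2025-01-01T10:05:42Z,WS-03,C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe,mail.example.com,143
2025-01-01T10:07:09Z,WS-04,C:\\Users\\rui\\AppData\\Local\\Temp\\python.exe,imap.example.net,143
2025-01-01T10:09:30Z,WS-05,C:\\Tools\\sync\\mailsync.exe,imap.example.net,993
"""

IMAP_PORTS = {143, 993}
# Assumption: site-specific allowlist of approved mail client binaries.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: user-writable locations raise severity, since mail clients
# are normally installed under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def find_suspicious_imap(csv_text):
    """Return IMAP/IMAPS connections made by non-allowlisted processes."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["dest_port"]) not in IMAP_PORTS:
            continue  # only mailbox-retrieval traffic is of interest here
        image = row["image"]
        if PureWindowsPath(image).name.lower() in MAIL_CLIENTS:
            continue  # expected mail client behaviour
        in_user_dir = any(p in image.lower() for p in USER_WRITABLE)
        findings.append({
            "host": row["host"],
            "image": image,
            "dest": f'{row["dest_host"]}:{row["dest_port"]}',
            "severity": "high" if in_user_dir else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_imap(SAMPLE_EVENTS):
        print(finding)
```
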