A dangerous new malware strain is spreading rapidly across Brazil, placing millions of WhatsApp users at risk worldwide. Security researchers at Trustwave SpiderLabs have identified the Trojan, named “Eternidade Stealer”, which is engineered to steal banking information and sensitive cryptocurrency wallet data from infected devices.
BRAZIL SOUNDS ALARM ON NEW WHATSAPP CRYPTO MALWARE WAVE
– Brazil’s cybersecurity teams are warning users about a fast-moving malware campaign spreading through WhatsApp.
– The threat stems from a new banking Trojan called Eternidade Stealer, marking one of the sharpest rises in… pic.twitter.com/ysrEMnr2NZ
— BSCN (@BSCNews) November 20, 2025
A Highly Sophisticated Trojan Spreading Through WhatsApp
Eternidade Stealer, written in Delphi, propagates through malicious WhatsApp messages. The malware leverages multiple open-source protocols, including WPPConnect and IMAP, to both ensure rapid spread and maintain communication with remote command-and-control (C2) servers.
According to the Trustwave report, victims are initially targeted through an obfuscated VBS script. Once executed, the malware scans the user’s WhatsApp contact list, filters group chats, broadcast lists, and business profiles, and exfiltrates all harvested data.
The Trojan then uses stolen names and phone numbers to automatically send personalized WhatsApp messages containing new malicious payloads to additional targets, amplifying its reach.
Targets Both Banking Apps and Major Crypto Wallets
After compromising a device, Eternidade Stealer connects to its remote C2 server, which allows attackers to send real-time instructions, modify attack vectors, and update the malware’s behavior.
Researchers found that the Trojan explicitly targets popular Brazilian banking apps as well as a wide range of cryptocurrency platforms and wallets. These include:
Binance
Coinbase
Kraken
Bitfinex
MetaMask
Trust Wallet
KuCoin
Ledger
Trezor
MyCrypto
PancakeSwap
SushiSwap
1inch
Phantom
Solflare
And many more
With over 3 billion WhatsApp users globally, analysts warn that the attack’s current geographic concentration in Brazil may not last long.
Global Spread Considered Likely
Trustwave researchers emphasize that the malware’s command-and-control server can dynamically modify Eternidade Stealer’s logic, messaging style, and propagation behavior. This adaptability makes the Trojan a growing threat that could easily spread beyond Brazil.
Experts also caution that advancements in AI-assisted malware development are accelerating the evolution of cyberattacks. Eternidade Stealer appears to be an advanced iteration of earlier Trojan families, suggesting even more potent variants may emerge.
Security analysts warn that a large-scale WhatsApp-based attack represents a high-value opportunity for cybercriminals, given the platform’s massive global user base. A secure wallet is essential for all crypto users.
