Python-based worm hacking WhatsApp across devices in Brazil, what it tells about software development in South America

A sophisticated malware campaign is making use of WhatsApp to distribute the Eternidade Stealer banking trojan across Brazil, using social engineering tactics and automated message propagation to compromise financial credentials and personal data. Brazil is among Meta-owned WhatsApp’s biggest markets.

Trustwave SpiderLabs researchers uncovered the campaign, which marks a notable evolution in Brazilian cybercrime tactics. The attack begins with an obfuscated Visual Basic Script that deploys two distinct payloads: a Python-based WhatsApp worm and an MSI installer containing the Delphi-built Eternidade Stealer. It is not clear if virus has spread to other countries as well.