Hackers are reportedly targeting 59 banking, fintech and cryptocurrency platforms while spreading across popular apps such as WhatsApp and Outlook.
A Trojan called TCLBanker infects Windows systems through tainted Microsoft installation packages, BleepingComputer reports.
It was discovered by Elastic Security Labs, whose researchers believe it is a significant evolution of the older Maverick and Sorvepotel malware families.
The report says that TCLBanker checks infected devices for time zone, keyboard layout, and locale. The malware includes worm modules that allow it to spread automatically via WhatsApp and Microsoft Outlook.
Once a targeted site is opened, the malware creates a WebSocket session with its command and control server and initiates remote control operations.
The malware operator’s capabilities include live screen streaming, screenshots, keylogging, clipboard hijacking, shell command execution, file system access, and remote mouse and keyboard control.
TCLBanker also uses fake overlay screens to collect credentials, PINs, phone numbers, and other sensitive information. These overlays can include fake credential prompts, PIN keypads, bank support waiting screens, Windows Update screens, and fake progress screens.
BleepingComputer says TCLBanker appears to be targeting apps in Brazil, checking the victim’s browser address bar every second to watch for visits to any of its 59 targeted platforms.
Disclaimer: The opinions expressed in The Daily Hodl are not investment advice. Investors should conduct due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please note that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the purchase or sale of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.




