
New WhatsApp Hijacking Campaign Distributes Delphi-Based Eternidade Stealer Banking Trojan in Brazil
Cybersecurity researchers have uncovered a new campaign that uses social engineering and WhatsApp hijacking to distribute the Delphi-based Eternidade Stealer banking Trojan to users in Brazil. The campaign is notable for its use of the IMAP protocol to dynamically retrieve command-and-control (C2) addresses, which lets the operators maintain flexible control over their operations.

Eternidade Stealer is designed to steal financial information, and its use of Delphi, a less common language for malware, may help it evade traditional detection methods. IMAP, typically used for email retrieval, is an unusual choice for C2 communication and potentially lets the attackers blend their traffic with legitimate network activity.

The campaign highlights the evolving tactics of cybercriminals, who increasingly rely on unconventional methods to avoid detection. The targeting of WhatsApp users in Brazil suggests a focus on regions where specific platforms are widely used, which increases the effectiveness of social engineering attacks.

Cybersecurity professionals should monitor IMAP traffic for unusual patterns and educate users about the risks of social engineering attacks on messaging platforms. Implementing advanced threat detection systems capable of identifying and mitigating unconventional attack vectors is also recommended. The campaign underscores the importance of comprehensive network monitoring and user education in combating evolving cyber threats.

Note: The provided URL refers to a Python-based WhatsApp worm, which may indicate a discrepancy with the details provided in the message. The analysis is based on the information given in the message.
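
One way to act on the advice to monitor IMAP traffic for unusual patterns, as an added example that is not part of the original article: the code below reads endpoint connection telemetry and reports IMAP/IMAPS connections made by a process that is not a known mail client or to a mail server that is not sanctioned. The CSV layout, the allowlists, and every host and process name are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

IMAP_PORTS = {143, 993}  # IMAP and IMAP over TLS

# Assumptions for this example: the mail clients and mail servers that are
# expected in the environment. Replace with your own inventory.
ALLOWED_IMAP_PROCESSES = {"outlook.exe", "thunderbird.exe"}
SANCTIONED_MAIL_HOSTS = {"imap.corp.example"}

# Constructed sample telemetry, not data from the campaign.
SAMPLE_LOG = """\
ts,host,process,dest,dport
2025-01-10T09:00:01Z,ws-014,outlook.exe,imap.corp.example,993
2025-01-10T09:00:07Z,ws-014,chrome.exe,www.example.org,443
2025-01-10T09:02:13Z,ws-022,updater.exe,imap.mail.example,993
2025-01-10T09:05:40Z,ws-031,thunderbird.exe,imap.mail.example,143
2025-01-10T09:32:13Z,ws-022,updater.exe,imap.mail.example,993
2025-01-10T09:40:00Z,ws-040,agent.exe,imap.corp.example,n/a
"""


def find_suspicious_imap(log_text):
    """Return {(host, process, dest): (count, reasons)} for IMAP connections
    made by an unexpected process or to an unsanctioned mail server."""
    counts = Counter()
    reasons_by_key = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        port = row["dport"].strip()
        if not port.isdigit() or int(port) not in IMAP_PORTS:
            continue  # malformed port or not IMAP traffic
        reasons = []
        if row["process"].lower() not in ALLOWED_IMAP_PROCESSES:
            reasons.append("process is not a known mail client")
        if row["dest"].lower() not in SANCTIONED_MAIL_HOSTS:
            reasons.append("mail server is not sanctioned")
        if reasons:
            key = (row["host"], row["process"], row["dest"])
            counts[key] += 1
            reasons_by_key[key] = reasons
    return {key: (counts[key], reasons_by_key[key]) for key in counts}


if __name__ == "__main__":
    for (host, proc, dest), (n, why) in find_suspicious_imap(SAMPLE_LOG).items():
        print(f"{host} {proc} -> {dest} x{n}: {'; '.join(why)}")
```

A mail client talking to an unsanctioned server (personal webmail, for instance) is reported with a single reason, so it can be triaged separately from a non-mail process speaking IMAP.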