
TCLBANKER Banking Trojan Targets 59 Financial Platforms in Brazil
Threat hunters at Elastic Security Labs have identified a new Brazilian banking trojan named TCLBANKER, tracked under the moniker REF3076, which targets 59 financial platforms, including banking, fintech, and cryptocurrency services. The malware is considered a significant update to the Maverick family, previously known for using the SORVEPOTEL worm. TCLBANKER spreads via malicious campaigns leveraging WhatsApp and Outlook as infection vectors. No specific dates, CVE IDs, or geographic limitations beyond Brazil were mentioned in the reported activity. The primary impact involves unauthorized access to financial accounts and potential data exfiltration.