TCLBANKER Malware Exploits WhatsApp and Outlook, Posing Threat to Users
A sophisticated Brazilian banking trojan named TCLBANKER has been identified as a significant threat to users of WhatsApp and Microsoft Outlook. Part of the REF3076 campaign, the malware is an evolution of the Maverick and SORVEPOTEL families. Initial infection comes through a fake, signed Logitech installer. To evade detection, the malware checks for security sandboxes and verifies that the victim is located in Brazil before activating. Once active, it monitors web browsers for visits to 59 targeted financial sites and displays full-screen overlays to steal user credentials. It spreads automatically by hijacking the victim's WhatsApp Web session to send phishing messages to their contacts, and by controlling Outlook to send phishing emails from the victim's own account.