Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
An active campaign was identified spreading malware through WhatsApp via ZIP file attachments. Once executed, the malware establishes persistence and hijacks the compromised WhatsApp account, automatically sending malicious messages to the victim's contacts to propagate further. This self-propagation enables rapid spread through trust networks. The research details the infection chain, persistence mechanisms, WhatsApp API abuse for propagation, and C2 communication protocols used in the campaign, which targets Brazilian users.
Related Research
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution
Uncovered AI-generated fake GitHub repositories distributing SmartLoader and LummaStealer through convincing but malicious code projects.
PureRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
Uncovered PureRAT targeting job seekers using renamed Foxit PDF Reader for DLL side-loading and Python-based shellcode loaders.
Nitrogen Ransomware: Fake Updates and Malicious Browser Extensions
Thread on the rapidly evolving Nitrogen ransomware group using social engineering via fake updates and malicious browser extensions for initial access.