TCLBANKER Trojan Spreads Through WhatsApp and Outlook to Target Financial Platforms

Researchers at Elastic have identified a new Brazilian banking trojan called TCLBANKER that targets 59 banking, fintech, and cryptocurrency platforms through phishing and worm-based propagation. The malware abuses a signed Logitech application for DLL side-loading, deploys advanced anti-analysis techniques, and uses WhatsApp Web and Microsoft Outlook to spread malicious installers directly through victims’ trusted accounts and contact lists. Once active, the trojan can monitor banking-related URLs, steal credentials through fake overlays, capture screenshots, log keystrokes, and remotely control infected systems. Security researchers warn that TCLBANKER reflects the growing sophistication of financially motivated malware campaigns, combining stealth, social engineering, and trusted communication channels to evade traditional defenses.

Reference: thehackernews.com