VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

TCLBANKER: Banking Trojan Spreads via WhatsApp and Outlook

TCLBANKER: банковский троян распространяется через WhatsApp и Outlook

Colleagues, a cybersecurity alert: the TCLBANKER trojan targets 59 banks and fintech firms.

- Infection via a signed MSI (Logi AI Prompt Builder) using DLL side‑loading and anti‑analysis; system locale targeted: Brazilian Portuguese.
- Banking module employs WebSocket and WPF overlays to exfiltrate credentials; features include keylogger, screenshots, remote control and self‑update.
- Worm propagates through WhatsApp Web and Outlook by sending phishing messages from compromised accounts, improving delivery rates.

Why it matters: the campaign evades filters by leveraging trusted communications channels.

How will you strengthen email and messenger defenses?

#cybersecurity #phishing #bankingtrojan #infosec

Latest comments

No comments yet.