TCLBANKER: Banking Trojan Spreads via WhatsApp and Outlook

Colleagues, a cybersecurity alert: the TCLBANKER trojan targets 59 banks and fintech firms.
- Infection via a signed MSI (Logi AI Prompt Builder) using DLL side‑loading and anti‑analysis techniques; it targets systems with a Brazilian Portuguese locale.
- Banking module employs WebSocket and WPF overlays to exfiltrate credentials; features include keylogger, screenshots, remote control and self‑update.
- Worm propagates through WhatsApp Web and Outlook by sending phishing messages from compromised accounts, improving delivery rates.
Why it matters: the campaign evades filters by leveraging trusted communications channels.
How will you strengthen email and messenger defenses?
#cybersecurity #phishing #bankingtrojan #infosec

