TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

SITREP: A new Brazilian banking trojan named TCLBANKER has been identified, capable of targeting 59 financial platforms including banks, fintechs, and cryptocurrency services. This malware is linked to a previously known variant, Maverick, and utilizes a worm called SORVEPOTEL for propagation through communication platforms like WhatsApp and Outlook. TACTICAL ASSESSMENT: The emergence of TCLBANKER indicates a significant evolution in cyber threats targeting financial institutions, particularly in Brazil. Its ability to spread through widely used communication tools suggests a strategic shift towards more sophisticated and accessible attack vectors. PROJECTED VECTORS: Future attacks may increase in frequency and sophistication as cybercriminals adopt similar tactics to exploit vulnerabilities in communication platforms.