TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Summary
Threat hunters have identified a new Brazilian banking trojan named TCLBANKER that targets 59 financial, fintech, and cryptocurrency platforms. The malware, tracked as REF3076 by Elastic Security Labs, appears to be an evolved version of the Maverick trojan and uses a worm called SORVEPOTEL for propagation.
IFF Assessment
The discovery of a new banking trojan capable of targeting numerous financial platforms poses a significant threat to financial institutions and their customers.
Defender Context
Defenders should be aware of TCLBANKER, as it represents a new and evolving threat to financial services. Monitoring for its indicators of compromise and understanding its propagation methods, particularly the SORVEPOTEL worm spreading via WhatsApp and Outlook, are crucial for proactive defense.