In the bustling digital avenues of Brazil, where WhatsApp messages chime like city bells and family groups buzz with everyday chatter, a silent menace has begun to creep through contact lists like a ghostly whisper. Cybersecurity researchers have uncovered a sophisticated new malware campaign that weaponizes WhatsApp itself to spread a notorious banking trojan called Astaroth, and it’s as clever as it is unsettling.
Dubbed the Boto Cor-de-Rosa campaign by analysts, this operation doesn’t rely on tricking users with phony downloads or shady websites alone; it hijacks trusted communication. Once a victim opens a seemingly innocent ZIP file sent over WhatsApp, a camouflaged script springs to life, quietly unleashing a two-headed threat. One part burrows into the victim’s machine to monitor banking activity and quietly harvest credentials; the other part springs into action like a microscopic worm.
Here’s where the story becomes unnervingly smart: rather than sitting dormant, the malware scours the victim’s WhatsApp contact list and automatically dispatches new infected messages to every person it finds, using carefully worded greetings in Portuguese tailored to the time of day. “Good morning,” “good afternoon,” even “good evening,” each message feels human, familiar, and just friendly enough to bait the next bite.
Security researchers point out that this isn’t just brute force; it’s social engineering woven with automation, a blending of psychology and code that significantly boosts the malware’s reach and trust factor. The code even keeps real-time tabs on how many messages were delivered and how fast they’re spreading.
Although Astaroth has long plagued Latin America with credential theft and financial fraud, this WhatsApp-centric twist marks a new evolution, turning a tool Americans and Brazilians use daily into a launching pad for infection. Experts warn that this trend shows how attackers are innovating faster than many users’ instincts can keep up.
The moral? Even that innocent-looking ZIP attachment from a familiar name might be a wolf in digital sheep’s clothing.