📰 New TCLBANKER Trojan Spreads via WhatsApp and Outlook, Targeting 59 Brazilian Financial Apps

🇧🇷 New Banking Trojan 'TCLBANKER' targets 59 Brazilian financial apps! The malware spreads like a worm via WhatsApp & Outlook, using DLL side-loading to evade detection. Stay vigilant! 💻 #Malware #BankingTrojan #Brazil #Cybersecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/new-tclbanker-trojan-targets-59-brazilian-financial-platforms-with-worm-lik…

📰 Grandoreiro Banking Trojan Resurges, Targeting Banks in Spain and Latin America

Grandoreiro banking trojan is back. 📈 New campaigns are targeting banks and customers in Spain and Latin America, using phishing and DLL side-loading to steal credentials with fake overlays. 🏦 #Grandoreiro #Malware #BankingTrojan #Phishing #Fintech

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/grandoreiro-banking-malware-resurges-with-campaigns-in-europe-and-latin-am…

A stealthy RAT burrowing deep into Android devices

BTMOB is an Android remote access trojan that evolved from SpySolr malware and poses significant threats beyond traditional banking trojans. The malware combines phishing-led delivery with an APK builder interface that enables rapid payload generation without coding skills. Distributed through fake app stores impersonating streaming services, cryptocurrency platforms, and government agencies, BTMOB abuses Android Accessibility Services to gain elevated permissions. Marketed as malware-as-a-service with a reported $5,000 lifetime license, it provides adversaries with capabilities to exfiltrate sensitive data, capture screenshots, record device activity, and establish remote control. The tool's customizable phishing lures have been adapted for specific regions, including campaigns impersonating Argentine tax authorities, making it a rapidly evolving threat with global reach.

Pulse ID: 6a1cc51d7c8f832f819a0a43
Pulse Link: https://otx.alienvault.com/pulse/6a1cc51d7c8f832f819a0a43
Pulse Author: AlienVault
Created: 2026-05-31 23:32:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APK #Android #Bank #BankingTrojan #CyberSecurity #Government #InfoSec #Malware #MalwareAsAService #OTX #OpenThreatExchange #Phishing #RAT #RemoteAccessTrojan #Trojan #bot #cryptocurrency #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Inside Banana RAT: From Build Server to Banking Fraud

An MDR investigation successfully mapped the complete operational infrastructure of Banana RAT, a Brazilian banking trojan operated by threat cluster SHADOW-WATER-063. The investigation uncovered both server-side and client-side components, revealing a sophisticated FastAPI-based polymorphic payload generation system that produces hash-unique builds to evade detection. The malware employs layered obfuscation, AES-wrapped payloads, and fileless PowerShell execution. Once deployed, it enables operator-driven fraud through remote input control, keylogging, screen streaming, bank-branded overlays, and Pix QR code interception specifically targeting Brazilian financial institutions. The tooling exclusively targets 16 Brazilian banks and crypto exchanges, with all operator artifacts written in Brazilian Portuguese, indicating a financially motivated actor operating within the Tetrade banking trojan ecosystem.

Pulse ID: 6a0ce3af84b924ad15e27920
Pulse Link: https://otx.alienvault.com/pulse/6a0ce3af84b924ad15e27920
Pulse Author: AlienVault
Created: 2026-05-19 22:26:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #CryptoExchange #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Trojan #bot #AlienVault


Banking Trojan Targets Crypto Firms with Sophisticated Attacks

A new banking Trojan, dubbed TCLBanker, is wreaking havoc on crypto and finance platforms, allowing hackers to remotely control infected systems and steal sensitive info. This sophisticated attack, linked to North Korea's notorious Lazarus Group, has already led to the largest crypto platform hack of 2026.

https://osintsights.com/banking-trojan-targets-crypto-firms-with-sophisticated-attacks?utm_source=mastodon&utm_medium=social

#Tclbanker #BankingTrojan #LazarusGroup #NorthKorea #CryptoFirms

Banking Trojan Targets Crypto Firms with Sophisticated Attacks

Learn how TCLBanker, a banking Trojan, targets crypto and finance platforms with sophisticated attacks, and protect your business from this growing threat now.

OSINTSights

TCLBanker is targeting Android users with banking trojan capabilities - stealing credentials, intercepting messages, and abusing trust at scale. Mobile is still prime territory. 📱💸 #BankingTrojan #AndroidSecurity

https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

TCLBANKER targets 59 financial platforms using WhatsApp worms and Outlook phishing, increasing banking credential theft risks. (

The Hacker News

🚨 Alert: The new #EternidadeStealer is using WhatsApp to spread malicious files to steal banking and crypto data from users. Watch out and don't open unexpected attachments, plus verify messages from contacts.

Read: https://hackread.com/eternidade-stealer-whatsapp-steal-banking-data/

#CyberSecurity #Malware #WhatsApp #BankingTrojan #InfoSec

New Eternidade Stealer Uses WhatsApp to Steal Banking Data

📰 Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

🤖 New "Herodotus" Android banking trojan mimics human typing to bypass biometric security! Sold as MaaS, it takes over devices to steal from banking & crypto apps. Active in Italy & Brazil. #Android #Malware #BankingTrojan #MobileSecurity

🔗 https://cyber.netsecops.io/articles/herodotus-android-malware-mimics-human-typing-to-evade-detection/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

The Herodotus Android banking trojan, a new MaaS offering, evades behavioral biometric detection by mimicking human typing patterns to conduct fraudulent transactions.

CyberNetSec.io

Android malware alert: Mobdro Pro IP TV + VPN installs Klopatra banking Trojan, compromising devices and banking credentials.

More info: https://www.technadu.com/fake-vpn-spreads-malware-targeting-android-banking-accounts/611164/

#AndroidSecurity #CyberSecurity #BankingTrojan #MobileSecurity #VPN #TechNadu