Water Saci has evolved its tactics and now uses a very highly layered infection chain. It uses WhatsApp to propagate a banking trojan that targets Brazil again. Not just banking apps: it also has crypto exchanges and wallets in its crosshairs.

The thing is that these cyber actors are using AI to convert their code, the propagation scripts, from PowerShell to Python. This exemplifies a layered approach that has enabled Water Saci to bypass conventional security controls, exploit user trust across multiple channels, and ramp up their infection rates.
I have nothing against AI, but this could be one of its pitfalls.
https://www.trendmicro.com/en_us/research/25/l/water-saci.html

The attack starts from WhatsApp, with the victim receiving a compressed archive such as a ZIP file, while another mode of attack was shown to be a PDF document, which looks very harmless at first because it just prompts you to update your Adobe Reader.
But that is not the case, as it carries a payload, and once you install it, it's game over.

So again, just a friendly reminder for our Brazilian community, as this is not the first time that they have been targeted through WhatsApp. You can read about it here:
Eternidade Stealer - targets Banking apps/Crypto Wallets/Exchanges.