AutoIt
-
Water Saci campaign in Brazil uses WhatsApp worm, HTA and Python to deliver banking trojan; RelayNFC Android malware also active
Researchers say the Water Saci group has adopted a layered HTA/PDF/WhatsApp Web worm and a Python-based propagation script to deliver an AutoIt-backed banking trojan in Brazil, while a separate RelayNFC Android threat targets contactless payments.
-
Researchers report WhatsApp-based worm distributing Delphi banking trojan in Brazil
Trustwave SpiderLabs reported a WhatsApp-propagated campaign in Brazil that uses a Python-based worm and an MSI installer to deploy the Delphi credential stealer Eternidade, which retrieves C2 addresses via IMAP and targets banking and crypto apps.
