Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

3 December 2025 at 15:32:00

thehackernews.com

Water Saci threat actors are actively targeting Brazilian users with an evolved banking trojan campaign. The attack chain uses HTML Application (HTA) files and PDFs distributed via a WhatsApp worm to deploy malware. The attackers have shifted from PowerShell to Python-based variants for propagation. The campaign combines traditional banking trojans with NFC relay fraud techniques called RelayNFC. The sophisticated, multi-layered infection chain represents an evolution in the group's tactics targeting Brazil's financial sector.

Related links:

Related CVEs:

No CVEs found in this article

Related threat actors:

Water Saci

Affected products:

WhatsApp

IOCs:

No IOCs found in this article

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.