{"id":214797,"date":"2026-05-17T03:45:08","date_gmt":"2026-05-17T07:45:08","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/17\/tclbanker-banking-trojan-targets-financial-platforms-via-whatsapp-and-outlook-worms\/"},"modified":"2026-05-17T03:45:10","modified_gmt":"2026-05-17T07:45:10","slug":"tclbanker-banking-trojan-targets-financial-platforms-via-whatsapp-and-outlook-worms","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/17\/tclbanker-banking-trojan-targets-financial-platforms-via-whatsapp-and-outlook-worms\/","title":{"rendered":"TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/tclbanker-banking-trojan-targets.html\">TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/tclbanker-banking-trojan-targets.html\">https:\/\/thehackernews.com\/2026\/05\/tclbanker-banking-trojan-targets.html<\/a><\/p>\n<p>Publish Date: 2026-05-08 14:12:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><strong>Summary:<\/strong><br \/>\nSecurity experts from Elastic Security Labs have identified TCLBANKER, a previously undocumented banking trojan that targets 59 Brazilian financial institutions, fintech services, and cryptocurrency platforms. This malware, named REF3076, is a major evolution of the well-known Maverick family, with the threat activity attributed to the Water Saci cluster. Its attack chain involves a robust loader with embedded modules for both a trojan and a worm that propagates via WhatsApp and Microsoft Outlook messages. 
The trojan employs multiple anti-analysis methods to evade detection, leverages DLL side-loading using a signed Logitech program, and hijacks the victim\u2019s WhatsApp and Outlook sessions to distribute itself widely. The malware contains comprehensive features for credential theft, remote control, and persistence, and appears to still be under development, as suggested by debug paths in its code.<\/p>\n<p><strong>Key Points:<\/strong><\/p>\n<ul>\n<li>\n<p><strong>TCLBANKER is an Update:<\/strong> TCLBANKER is a refined version of the Maverick family, targeting 59 financial institutions including banks, fintech, and crypto platforms in Brazil.<\/p>\n<\/li>\n<li>\n<p><strong>Advanced Distribution and Evasion:<\/strong> The malware uses a loader with anti-analysis features, alongside a worm component that spreads via WhatsApp Web and Microsoft Outlook.<\/p>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms https:\/\/thehackernews.com\/2026\/05\/tclbanker-banking-trojan-targets.html Publish Date: 
2026-05-08&#8230;<\/p>\n","protected":false},"author":1,"featured_media":214799,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiWchpptUYeW4vXSUXfGq-uMzB1mr_dzsvX8XIWssIKzaWa4_eYbaLwec5Zos3xCoD0s8-LDcGI7Vj8DjFq6RtUY68HP21YudHYdsFS2xdyzQE7OPyuTlqyO2X9uwlSCRuVl9tAUwq0mvGuXlYkxjdmC7ynyAcIDpbejkR45ucf_L3VCDupSZMteOby7BUp\/s1700-e365\/banking.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32],"class_list":["post-214797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214797"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=214797"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214797\/revisions"}],"predecessor-version":[{"id":214801,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214797\/revisions\/214801"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/214799"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=214797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=214797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/in
dex.php\/wp-json\/wp\/v2\/tags?post=214797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}