
Hackers are reportedly targeting 59 banking, fintech and cryptocurrency platforms while spreading through popular applications such as WhatsApp and Outlook.
A trojan called TCLBanker is hitting Windows systems through tainted Microsoft installation packages, reports BleepingComputer.
It was discovered by Elastic Security Labs, whose researchers believe it is a major evolution of the older Maverick and Sorvepotel malware family.
The report says TCLBanker checks infected devices for timezone, keyboard layout and locale. The malware includes worm modules that allow it to spread automatically through WhatsApp and Microsoft Outlook.
Once a targeted site is opened, the malware creates a WebSocket session with its command-and-control server and begins remote control operations.
The malware’s operator capabilities include live screen streaming, screenshots, keylogging, clipboard hijacking, shell command execution, file system access and remote mouse and keyboard control.
TCLBanker also uses fake overlay screens to collect credentials, PINs, phone numbers and other sensitive information. Those overlays can include fake credential prompts, PIN keypads, bank support waiting screens, Windows Update screens and fake progress screens.
BleepingComputer says TCLBanker appears to be targeting apps in Brazil. The malware checks a victim’s browser address bar every second, watching for visits to one of its 59 targeted platforms.
The post Hackers Targeting 59 Banking, Fintech and Crypto Platforms, Stealing Credentials, PINs and More: Report appeared first on The Daily Hodl.


