## Brazilian Banking Trojan TCLBANKER Targets 59 Financial Platforms via WhatsApp and Outlook Worms
Security researchers at Elastic Security Labs have flagged a newly documented Brazilian banking trojan, tracked as TCLBANKER (REF3076), capable of targeting 59 banking, fintech, and cryptocurrency platforms. Analysts describe the malware as a major evolution of the Maverick trojan. It incorporates sophisticated propagation mechanisms through WhatsApp and Outlook, raising concerns about its potential reach across consumer and enterprise environments.

The threat actor leverages a worm component called SORVEPOTEL to facilitate distribution, enabling lateral movement and infection chains that exploit messaging and email platforms widely used in Brazil's financial sector. According to Elastic Security Labs' assessment, the updated malware family demonstrates enhanced capabilities compared to its predecessor, including improved credential harvesting, screen capture functions, and persistence mechanisms designed to evade detection by traditional security tools.

The 59 targeted platforms span established banks, emerging fintech services, and cryptocurrency exchanges, reflecting the threat actor's broad interest in financial data and digital asset holdings. Security teams are advised to monitor for indicators of compromise associated with the SORVEPOTEL worm and review email filtering policies, given the malware's reliance on Outlook propagation vectors. The emergence of TCLBANKER underscores persistent targeting of Brazilian financial institutions by threat actors operating sophisticated, frequently updated malware infrastructure.

---
- **Source**: The Hacker News Echo RSS
- **Sector**: The Vault
- **Tags**: banking-trojan, brazilian-malware, fintech-security, credential-theft, malware-analysis
- **Credibility**: unverified
- **Published**: 2026-05-08 19:54:50
- **ID**: 80776
- **URL**: https://whisperx.ai/en/intel/80776