A new trojan called TCLBanker targets 59 banking, fintech, and cryptocurrency platforms. It uses a trojanized MSI installer to infect systems and self-propagates through WhatsApp and Outlook. The malware, discovered by Elastic Security Labs, features advanced evasion techniques and capabilities for remote control and data theft, indicating an evolution in Latin American malware.
TCLBanker is a self-spreading trojan that targets banking and fintech platforms, and its use of WhatsApp and Outlook worms for propagation is a significant threat vector. For cybersecurity professionals, enhancing defenses against DLL side-loading and implementing robust monitoring for unusual browser automation activity can be critical to preemptively countering such advanced malware threats. Reinforcing endpoint security measures to detect and block unauthorized browser sessions and suspicious email activity is also essential.