A new and highly sophisticated malware campaign, dubbed “The Maverick Menace,” is stealing banking and cryptocurrency credentials across Brazil.
The self-propagating worm spreads via WhatsApp, exploiting user trust to bypass modern security defenses and infect over 400 organizations and 1,000 endpoints.
The attack begins with a malicious ZIP file sent through compromised WhatsApp accounts, instructing victims to open it on their desktop computers. This tactic ensures infection on less secure systems.
Once opened, a hidden Windows LNK file executes a Base64-encoded PowerShell command, initiating a multi-stage infection chain that disables security features such as Microsoft Defender and User Account Control (UAC) to remain undetected.
The worm deploys two payloads: a weaponized Selenium automation tool to hijack WhatsApp Web sessions for self-spreading, and the Maverick banking trojan, which monitors browser traffic to steal banking and crypto credentials. When users access financial platforms, the malware injects additional components to divert funds in real time.
Emerging in September 2025, the Maverick Menace demonstrates the growing fusion of social engineering and automation in cybercrime. Experts warn that its efficiency and scalability mark a dangerous evolution in financial malware, threatening global digital trust.
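For defenders, the Base64-encoded PowerShell stage described above is a practical triage point. The following Python example is added here and is not code from the campaign or the original article: it decodes `-EncodedCommand` arguments found in process command lines and checks the decoded script for generic Defender and UAC tampering indicators. The indicator patterns and the sample command lines are constructed assumptions, not IoCs from this campaign.

```python
import base64
import binascii
import re

# Generic tamper indicators (assumed; not IoCs taken from the campaign).
INDICATORS = {
    "defender_tamper": re.compile(r"(?i)(Set|Add)-MpPreference\s+.*-(Disable\w+|Exclusion\w+)"),
    "uac_tamper": re.compile(r"(?i)\b(EnableLUA|ConsentPromptBehaviorAdmin)\b"),
}
# Candidate flag beginning with "e", followed by a Base64-looking argument.
FLAG = re.compile(r"(?i)(?:^|\s)[-/](e\w*)\s+([A-Za-z0-9+/]{16,}={0,2})")

def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline carries -EncodedCommand, else None."""
    for flag, blob in FLAG.findall(cmdline):
        flag = flag.lower()
        # PowerShell accepts any prefix of -EncodedCommand, plus the -ec alias.
        if not ("encodedcommand".startswith(flag) or flag == "ec"):
            continue
        try:
            # -EncodedCommand payloads are Base64 over UTF-16LE text.
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue
    return None

def triage(cmdline):
    """Return the sorted indicator names found in the decoded script."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return []
    return sorted(name for name, rx in INDICATORS.items() if rx.search(script))

def _enc(script):
    # Builds constructed samples in the encoding PowerShell expects.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample process command lines (not captured from the campaign).
SAMPLES = [
    "powershell.exe -w hidden -enc " + _enc(
        "Set-MpPreference -DisableRealtimeMonitoring $true; "
        "Set-ItemProperty $uacKey -Name EnableLUA -Value 0"),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1",
    "powershell.exe -NoProfile -EncodedCommand " + _enc("Get-Date | Out-File C:\\temp\\t.txt"),
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line) or "no tamper indicators", "<-", line[:60])
```

Feed it command lines from process-creation telemetry; an encoded command that decodes cleanly but matches no indicator still deserves a look when its parent is an LNK launched from an extracted ZIP.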