A new campaign involving the Astaroth banking malware highlights a shift in how financial cybercrime is being distributed. Tracked by security researchers as “Boto Cor-de-Rosa,” the campaign uses WhatsApp Web as a propagation channel, enabling the malware to automatically send infected files to a victim’s personal contacts. By exploiting trusted relationships and everyday messaging behaviour, attackers are able to spread the malware quickly while targeting banking credentials, primarily affecting users in Brazil. One focuses on propagation by accessing the victim’s WhatsApp contacts and automatically sending malicious files using casual, familiar language intended to appear legitimate. Messages are tailored using time-appropriate greetings such as “Good morning,” “Good afternoon,” or “Good evening,” based on the recipient’s local time.

Source: Economic Times January 15, 2026 05:38 UTC