Stay connected with BizTech Community—follow us on Instagram and Facebook for the latest news and reviews delivered straight to you.
Cryptocurrency’s growth in Brazil has opened up new ways for people to get involved in finance and come up with new ideas.
However, it has also drawn a new type of cybercriminal who takes advantage of popular apps like WhatsApp. On November 21, 2025, Trustwave’s SpiderLabs cybersecurity team produced a report about a very advanced malware campaign that is quickly spreading over the messaging platform.
This financial trojan, known as “Eternidade Stealer,” is a combination of a self-replicating worm and a banking trojan. It has already gone after thousands of people, focusing on stealing login information from crypto wallets and bank accounts.
Brazil is becoming the leading country in Latin America for using cryptocurrency, and it ranks sixth in the world on Chainalysis’ 2025 Adoption Index. This threat shows how weak the market is becoming as digital assets become more and more a part of everyday life.
SpiderLabs researchers Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi call Eternidade a “persistent and evolving” threat that uses social engineering to get into devices. The effort hides itself in WhatsApp messages that look like real notifications, such as bogus government aid programs, parcel delivery, or even notes from pals in investing groups. When a user clicks on the link, the infection chain starts. This affects not just the device but also spreads to contacts, generating a viral effect that is hard to stop.
How the Eternidade Stealer Works
The malware is clever because it has two parts: a worm that spreads and a trojan that steals. When the victim clicks on the bad link, which is usually an APK file that seems like an app update or a prize claim, the worm installs itself and takes over the victim’s WhatsApp account. It goes through the contact list and uses “smart filtering” to stay away from groups and corporate discussions. Instead, it focuses on one-on-one talks to spread more quietly. This lets the worm distribute infected links to friends and family, pretending to be trusted messages, which greatly increases the number of infections.
At the same time, the trojan part runs in the background, looking for sensitive data on the device. It goes after logins for big Brazilian banks like Itaú, Bradesco, and Nubank, as well as well-known crypto exchanges and wallets like Binance and Mercado Bitcoin, and even hardware like Ledger. Eternidade may steal passwords, seed phrases, and two-factor codes by recording keystrokes, taking screenshots, or copying clipboard data. This lets hackers quickly empty accounts. In one case that was reported, a victim lost $50,000 in USDT just hours after getting infected.
Eternidade is different because of how advanced its command-and-control (C2) system is. The malware doesn’t use a fixed server that can be taken down; instead, it logs into a hardcoded Gmail account to get updates and steal data. Hackers send emails with new instructions, which lets them change things without being caught. “It’s a smart way to get around network-level blocks,” the SpiderLabs team said. “It’s simple but works.” This strategy has kept the campaign going even though antivirus programs have flagged it, infecting thousands of Brazil’s 18 million crypto holders.
SpiderLabs’ infographic shows how the assault worked: The procedure goes from the initial WhatsApp bait to the breach of the device, the hijacking of the account, and the theft of data in just a few minutes. Brazil has a lot of WhatsApp users—over 200 million, or 90% of the population—so it’s a great way to send money there. In fact, 70% of remittances ($10 billion a year) now utilize stablecoins like USDT to save on fees.
Brazil’s Crypto Boom: A Good and Bad Thing
Brazil’s acceptance of cryptocurrencies has been nothing short of amazing. According to Chainalysis’ 2025 research, the country is fifth in the world for adoption, behind India, the U.S., Pakistan, and Nigeria. The measurements take into account population and purchasing power. 17% of Brazilians own crypto and use it to pay for things, send money, and protect themselves from losses. This is partly because of strong inflation (which reached 10% in 2022) and a tech-savvy youth population. Mercado Pago and PicPay are two platforms that use stablecoins, and Binance’s P2P volumes reached $5 billion in the third quarter of 2025.
But this expansion has made Brazil a prime target for scammers. Eternidade takes use of the fact that people trust WhatsApp groups, which are typically used for family discussions or investment advice, to fool users into thinking that links from “friends” are safe. Chainalysis says that the trojan’s concentration on local banks and exchanges like NovaDAX or BitcoinTrade causes the most damage, with losses estimated at $100 million in 2025 cyber-thefts. Nathaniel Morales said, “WhatsApp is everywhere in Brazil’s cybercrime ecosystem, which makes it a weapon of choice—threat actors improve their methods every year.”
Important Safety Tips for People Who Use Crypto
To be safe from Eternidade and other risks like it, you need to be careful and follow best practices. First, don’t click on links in WhatsApp messages that you didn’t ask for, even if they come from somebody you know. Instead, check with them through a different channel, like a phone call. If a message seems strange, block and notify the sender right away.
Update your software: The November security patch for Android fixes related security holes and lets apps like WhatsApp upgrade automatically. Install a well-known antivirus program like Avast or Bitdefender, which will warn you about harmful APKs. Eternidade commonly pretends to be “gov aid” programs.
For crypto, use hardware wallets like Ledger or Trezor to store your coins. Don’t use hot wallets on devices that are infected. Use authenticator applications (not SMS) to turn on 2FA, and never save seed phrases online. If your accounts are hacked, you can freeze them through exchange support and keep an eye on your money with explorers like Etherscan. Services like CipherTrace can help you get your money back.
More general advice: Use several ways to talk to people, like Signal for private conversations, and teach your family about frauds. John Basmayor of SpiderLabs said, “Awareness is the best defense—question everything.”
What this means for the crypto ecosystem
This campaign shows a developing trend: malware is changing from simple phishing to more complex trojans that disseminate themselves and are made to fit the behaviors of people in different areas.
In Brazil, where more people use cryptocurrencies than banks (40% of people don’t have a bank account), these kinds of attacks could hinder growth if they aren’t dealt with.
Exchanges are taking action, Binance added stronger AML in September 2025, and Mercado Bitcoin requires biometric authentication for high-value transactions.
It makes calls for greater app store vetting louder around the world—Google Play’s 2025 crackdown got rid of 2 million bad apps—and cross-border cyber collaboration, as Eternidade’s Gmail C2 can’t be taken down. For users, it’s a reminder: In the decentralized world of crypto, keeping yourself safe is the most important thing.
Brazil is solidifying its position as the leader in Latin America, coming in fifth on Chainalysis’ rating. These challenges test resilience, but with education and tools, adoption may grow safely.
