Cyber Blog

Cybersecurity experts have discovered a new scam spreading through WhatsApp that infects people’s computers with harmful software designed to steal banking information. The malware, called Maverick, is part of a larger attack campaign in Brazil led by a cybercriminal group known as Water Saci. Once installed, Maverick quietly watches what people do online and tries to steal their bank logins when they visit certain financial websites.

The attack usually begins when someone receives a ZIP file through WhatsApp Web (the browser version of the app). The file looks harmless, but it actually contains a shortcut that secretly installs the malware when opened. After it’s installed, Maverick checks to see if the victim is in Brazil by looking at their computer’s language and time zone. If the system isn’t in Brazil, the malware stops running.

Once active, Maverick takes over the victim’s Chrome browser and copies their account information, cookies, and saved sessions. It then uses this data to log into WhatsApp Web automatically and send the same fake file to all the person’s contacts — spreading itself even further. The scam messages often look like normal WhatsApp messages, which makes it easy for friends or coworkers to get tricked into opening the file.

The malware also connects to a hidden online control system that lets hackers collect personal details, take screenshots, download or upload files, and even control the computer remotely. This makes it very difficult for victims to realize their systems are compromised.

Because WhatsApp is extremely popular in Brazil — with more than 148 million users — experts warn that this scam could spread rapidly. They advise people not to open ZIP files or links sent through WhatsApp, even if they come from someone they know, unless they are absolutely sure they’re safe. It’s also a good idea to keep antivirus software updated and use two-factor authentication for online banking and messaging apps.