WhatsApp Web Now Spreading Banking Malware
18 Jan
Summary
- A new malware campaign uses WhatsApp Web to spread automatically.
- The Boto Cor-de-Rosa attack targets Windows users with banking Trojans.
- Infection spreads via malicious ZIP files disguised as routine messages.

A significant new malware campaign is actively exploiting WhatsApp Web, turning a popular messaging tool into an automated delivery system for a banking Trojan. Security researchers have identified this threat, known as Boto Cor-de-Rosa, which is linked to the Astaroth malware family. The campaign specifically targets Windows users, cleverly disguising malicious ZIP files within seemingly ordinary chat messages. Once a user falls victim and opens the file, the malware quietly installs itself and begins to spread automatically to the victim's contacts, escalating the infection across a network.
The propagation method is particularly insidious. A specially designed Python module within the malware scans the infected user's WhatsApp contacts. It then automatically sends the malicious ZIP file to every conversation, often adapting its messages with friendly greetings to lower suspicion. This tactic exploits the trust users place in communications from known contacts. The malware also monitors its own success rate, allowing attackers to refine their distribution strategy in real time, which makes containment a complex challenge for security professionals.




