Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp
Dec. 3, 2025, 5:55 p.m.
Description
The Water Saci campaign in Brazil is using advanced techniques to deliver banking trojans through WhatsApp. The attack chain involves various file formats and scripting languages, designed to bypass detection and increase analysis complexity. Attackers have transitioned from PowerShell to Python for their propagation routine, suggesting an accelerated development pipeline. Evidence indicates the possible use of AI tools like LLMs to convert malware scripts. The campaign showcases multi-format malware delivery, aggressive anti-sandbox measures, and extensive backdoor capabilities. The malware targets Brazilian banking applications and cryptocurrency platforms, using sophisticated techniques for persistence and evasion.
Tags
Date
- Created: Dec. 2, 2025, 2:44 p.m.
- Published: Dec. 2, 2025, 2:44 p.m.
- Modified: Dec. 3, 2025, 5:55 p.m.
Additional Information
- Finance
- Brazil