TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules

📅 9 May 2026 at 06:00 UTC📰 Cyber Security NewsView original source ↗

A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and SORVEPOTEL families. It stands out because it uses a fake, signed Logitech installer to infect systems and spreads automatically via WhatsApp and Microsoft Outlook. The attack begins when a user downloads […] The post TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

TCLBANKER is a sophisticated Brazilian banking trojan that uses fake signed Logitech installers and self-propagating WhatsApp and Outlook worm modules to infect systems, targeting users through automatic spread.

⚙️Technical Details

Affected Systems

Systems infected via fake signed Logitech installer

Attack Vectors

WhatsApp and Microsoft Outlook

💥Impact Assessment

Severity: Critical

🛡️Recommended Actions

1Disable automatic updates from unknown sources

2Verify the authenticity of software downloads

3Regularly scan systems for malware

📦Affected Products

Logitech installer

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed