All news with #relaynfc tag

Brazil Hit by WhatsApp Worm and RelayNFC Fraud Campaign

🔒 Water Saci has shifted to a layered infection chain that uses HTA files and malicious PDFs delivered via WhatsApp to deploy a banking trojan in Brazil. The actors moved from PowerShell to a Python-based worm that propagates through WhatsApp Web, while an MSI/AutoIt installer and process-hollowing techniques load the trojan only on Portuguese (Brazil) systems. Trend Micro links the behavior to Casbaneiro-style features and notes possible use of code-translation or AI tools to port scripts. In parallel, a React Native Android strain named RelayNFC executes real-time NFC APDU relays to enable contactless payment fraud.