A new trojan called TCLBanker targets 59 banking and cryptocurrency platforms by disguising itself as a Logitech installer and automatically spreading through WhatsApp and Outlook contacts.
Security researchers have identified TCLBanker, a banking trojan that combines credential theft with self-propagation capabilities. The malware distributes itself through a trojanized MSI installer for the Logitech AI Prompt Builder, a legitimate software tool.
Once installed, TCLBanker targets 59 financial institutions, fintech companies, and cryptocurrency platforms. The malware captures banking credentials and sensitive user data, posing significant risks to victims' financial accounts.
The self-spreading mechanism operates through victims' contact lists on WhatsApp and Outlook. The malware automatically sends infected files to contacts, expanding its reach without user intervention. This worm-like behavior accelerates infection rates across networks and organizations.
The trojanized installer represents a supply chain infection vector. Users downloading what appears to be legitimate Logitech software unknowingly deploy the malware. This technique exploits user trust in recognized software vendors and tools.
TCLBanker's broad targeting scope—spanning traditional banking, fintech platforms, and cryptocurrency exchanges—indicates sophisticated threat actors behind the operation. The malware likely generates revenue through credential sales, account takeovers, and fraudulent transactions.
Security analysts recommend immediate action for affected users: isolate infected systems from networks, change financial account passwords from secure devices, and notify financial institutions of potential compromise. Organizations should block the trojanized installer and monitor for suspicious WhatsApp and Outlook activity from contacts.
Users should verify software downloads through official vendor websites and avoid installation files from untrusted sources. Email and messaging platforms require caution when opening attachments or links from contacts, even if the contact appears familiar.
This incident underscores the dual threat of credential-stealing trojans combined with autonomous spreading mechanisms. As malware increasingly leverages communication platforms for distribution, endpoint security and user awareness remain critical defenses against financial cyber threats.
A vulnerability called HollowByte enables unauthenticated attackers to trigger denial-of-service conditions on OpenSSL servers using a malicious payload of just 11 bytes. The flaw causes severe memory bloat on affected systems.
Federal authorities arrested 21-year-old Zyaire Wilkins, accused of publishing fake video games on Steam containing malware designed to steal cryptocurrency from thousands of users.
Federal authorities arrested a 21-year-old Florida man suspected of stealing over $220,000 in cryptocurrency through malware-infected Steam games. The scheme infected approximately 8,000 devices and compromised 80 crypto wallets between May 2024 and February 2026.
Hackers are exploiting legitimate hotel reservations from over 350 properties worldwide to launch convincing spear-phishing campaigns. The targeted attacks use genuine booking details to bypass user skepticism.