{"id":174977,"date":"2025-11-20T15:00:00","date_gmt":"2025-11-20T15:00:00","guid":{"rendered":"https:\/\/cryptonews.com\/fr\/?p=174977"},"modified":"2025-11-20T14:08:02","modified_gmt":"2025-11-20T14:08:02","slug":"whatsapp-virus-wallets-crypto-bresil","status":"publish","type":"post","link":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/","title":{"rendered":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Les chercheurs d\u00e9crivent un ver qui d\u00e9tourne les sessions, s\u2019auto-diffuse vers les contacts et d\u00e9ploie ensuite un trojan bancaire capable de viser banques et portefeuilles crypto. Le mode op\u00e9ratoire combine leurres en portugais, pi\u00e8ces jointes pi\u00e9g\u00e9es et contr\u00f4le \u00e0 distance depuis une infrastructure C2.<\/p><h2 class=\"wp-block-heading\"><strong>Comment l\u2019infection d\u00e9marre et se propage<\/strong><\/h2><span class=\"replacer\"><\/span><p class=\"wp-block-paragraph\">D\u2019abord, l\u2019attaque prend appui sur <strong>un message WhatsApp<\/strong> contenant un fichier ZIP ou un raccourci .lnk pr\u00e9sent\u00e9 comme un re\u00e7u, un avis m\u00e9dical ou un document administratif. L\u2019utilisateur ouvre, le script s\u2019ex\u00e9cute, puis <strong>le code prend la main sur la session WhatsApp Web<\/strong>.<\/p><p class=\"wp-block-paragraph\">Il renvoie automatiquement le m\u00eame fichier \u00e0 la liste de contacts. La campagne se comporte alors comme un ver : chaque victime devient relais, ce qui <strong>acc\u00e9l\u00e8re la diffusion<\/strong>.<\/p><p class=\"wp-block-paragraph\">Les rapports mentionnent <strong>un encha\u00eenement technique en deux branches<\/strong>. Une charge Python orchestre la propagation via WhatsApp Web. Un installateur MSI d\u00e9pose la brique voleur baptis\u00e9e Eternidade Stealer. Les op\u00e9rateurs mettent \u00e0 jour les messages, r\u00e9cup\u00e8rent les carnets d\u2019adresses et modulent les commandes \u00e0 distance.<\/p><p class=\"wp-block-paragraph\">Le ph\u00e9nom\u00e8ne s\u2019inscrit \u00e9galement dans une tendance plus large. Depuis octobre, plusieurs familles proches ciblent les utilisateurs br\u00e9siliens. Les chercheurs ont document\u00e9 des campagnes Maverick et Coyote qui d\u00e9tournent des navigateurs, abusent de WhatsApp Web et se d\u00e9sactivent parfois <a href=\"https:\/\/cryptonews.com\/fr\/news\/bresil-miser-19-milliards-bitcoin\/\">hors du Br\u00e9sil<\/a>. D\u2019autres travaux d\u00e9crivent SORVEPOTEL, un ver qui s\u2019appuie sur WhatsApp pour atteindre postes domestiques et machines d\u2019entreprises. WhatsApp est devenu <strong>un vecteur privil\u00e9gi\u00e9 par des groupes bancaires locaux<\/strong> tr\u00e8s outill\u00e9s.<\/p><figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">BRAZIL SOUNDS ALARM ON NEW WHATSAPP CRYPTO MALWARE WAVE<br><br>&#8211; Brazil\u2019s cybersecurity teams are warning users about a fast-moving malware campaign spreading through WhatsApp.<br><br>&#8211; The threat stems from a new banking Trojan called Eternidade Stealer, marking one of the sharpest rises in\u2026 <a href=\"https:\/\/t.co\/ysrEMnr2NZ\">pic.twitter.com\/ysrEMnr2NZ<\/a><\/p>&mdash; BSCN (@BSCNews) <a href=\"https:\/\/twitter.com\/BSCNews\/status\/1991359359935467707?ref_src=twsrc%5Etfw\">November 20, 2025<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure><h2 class=\"wp-block-heading\"><strong>Ce que vole le trojan et pourquoi la crypto est une cible<\/strong><\/h2><span class=\"replacer\"><\/span><p class=\"wp-block-paragraph\">Dans la phase suivante, la charge banque\/crypto s\u2019installe. Elle collecte des identifiants, cookies, OTP, et tente de forcer le navigateur via des injections web. Elle cherche aussi des phrases de r\u00e9cup\u00e9ration et des seeds li\u00e9es aux wallets, y compris via des extensions.<\/p><p class=\"wp-block-paragraph\">L\u2019objectif est clair. <strong>Vider des comptes bancaires quand la victime se reconnecte<\/strong>, et saisir des portefeuilles si une signature est facilit\u00e9e par la session en cours. Les op\u00e9rateurs exploitent la session et la confiance du carnet d\u2019adresses pour contourner la vigilance initiale. Dans certains cas, ils r\u00e9cup\u00e8rent la liste des contacts et pilotent la diffusion en quasi temps r\u00e9el depuis le centre de commande.<\/p><p class=\"wp-block-paragraph\">Les <a href=\"https:\/\/cryptonews.com\/fr\/news\/bresil-banque-encadre-psan-stablecoins\/\">crypto-d\u00e9tenteurs br\u00e9siliens<\/a><strong> <\/strong>sont<strong> explicitement vis\u00e9s<\/strong>. Des alertes destin\u00e9es au grand public soulignent la sophistication du ver et la pr\u00e9sence d\u2019un trojan bancaire derri\u00e8re.<\/p><p class=\"wp-block-paragraph\">La cha\u00eene se d\u00e9roule vite. Un clic, une session compromise. Puis un <strong>effet domino sur les proches et coll\u00e8gues<\/strong>. La fragmentation des usages, entre applications desktop, extensions et mobiles, augmente la surface d\u2019attaque. Les attaquants exploitent des templates d\u2019ing\u00e9nierie sociale cr\u00e9dibles, de la livraison de colis au faux message gouvernemental.<\/p><figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">WhatsApp users are being hit with a crypto trojan that looks like a harmless message from a friend or a chat you trust. The malware gets full access to your device via just a tap.<br><br>It&#39;s built specifically to steal crypto. The moment you open Binance, OKX, Coinbase, MetaMask,\u2026 <a href=\"https:\/\/t.co\/IIGVc5eYcL\">pic.twitter.com\/IIGVc5eYcL<\/a><\/p>&mdash; Web3 Antivirus (@web3_antivirus) <a href=\"https:\/\/twitter.com\/web3_antivirus\/status\/1991482844422554088?ref_src=twsrc%5Etfw\">November 20, 2025<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure><h2 class=\"wp-block-heading\"><strong>Indices d\u2019infection et r\u00e9flexes imm\u00e9diats \u00e0 adopter<\/strong><\/h2><span class=\"replacer\"><\/span><p class=\"wp-block-paragraph\">Plusieurs <strong>signaux doivent alerter<\/strong>. Votre <a href=\"https:\/\/www.whatsapp.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">WhatsApp<\/a> envoie des fichiers \u00e0 vos contacts sans action de votre part. Le navigateur se met \u00e0 afficher des pop-ups ou ralentit soudainement. L\u2019antivirus remonte un script PowerShell\/VBS inhabituel. Une extension inconnue appara\u00eet.<\/p><p class=\"wp-block-paragraph\">Face \u00e0 ces indices, il faut <strong>d\u00e9connecter WhatsApp Web sur tous les appareils<\/strong>. Puis changer les mots de passe bancaires et crypto depuis un ordinateur sain, supprimer les sessions actives sur wallets et plateformes, et restaurer \u00e0 partir d\u2019une sauvegarde si n\u00e9cessaire.<\/p><p class=\"wp-block-paragraph\">Les \u00e9quipes IT doivent compl\u00e9ter par une recherche d\u2019indicateurs de compromission, un nettoyage et une revue des r\u00e8gles mail et navigateur. Ces mesures coupent la propagation, assainissent l\u2019environnement et limitent l\u2019exfiltration.<\/p><p class=\"wp-block-paragraph\">Pour la suite, <strong>la pr\u00e9vention reste d\u00e9terminante<\/strong>. \u00c9viter, tout d\u2019abord, l\u2019ouverture de fichiers ZIP re\u00e7us par WhatsApp, m\u00eame s\u2019ils viennent d\u2019un contact connu. V\u00e9rifier l\u2019origine des fichiers. R\u00e9activer la v\u00e9rification en deux \u00e9tapes, et s\u00e9parer l\u2019ordinateur de trading ou de wallet des usages quotidiens. Les campagnes observ\u00e9es montrent que les attaquants bougent vite. La <strong>r\u00e9activit\u00e9 des utilisateurs<\/strong> fera la diff\u00e9rence entre un incident mineur et une cascades de compromissions.<\/p><hr class=\"wp-block-separator has-alpha-channel-opacity\"><p class=\"wp-block-paragraph\">Pour aller plus loin sur le sujet : <\/p><ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/cryptonews.com\/fr\/news\/bresil-integrer-bitcoin-reserves-nationales\/\">Le Br\u00e9sil va int\u00e9grer du Bitcoin dans ses r\u00e9serves nationales<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cryptonews.com\/fr\/news\/binance-securite-crypto-vol-appareil\/\">Binance : comment s\u00e9curiser ses actifs en cas de vol d\u2019appareil<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cryptonews.com\/fr\/news\/chine-etats-unis-vol-bitcoin\/\">P\u00e9kin accuse Washington : 127 000 BTC \u00ab d\u00e9rob\u00e9s \u00bb lors d\u2019un hack<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Les chercheurs d\u00e9crivent un ver qui d\u00e9tourne les sessions, s\u2019auto-diffuse vers les contacts et d\u00e9ploie ensuite un trojan bancaire capable de viser banques et portefeuilles crypto. Le mode op\u00e9ratoire combine leurres en portugais, pi\u00e8ces jointes pi\u00e9g\u00e9es et contr\u00f4le \u00e0 distance depuis une infrastructure C2.Comment l\u2019infection [&hellip;]<\/p>\n","protected":false},"author":697,"featured_media":174978,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9,1],"tags":[],"editors":[2551],"sponsored_companies":[],"class_list":["post-174977","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain-news","category-news","editors-julien-leroy"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque<\/title>\n<meta name=\"description\" content=\"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque\" \/>\n<meta property=\"og:description\" content=\"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/\" \/>\n<meta property=\"og:site_name\" content=\"Cryptonews France\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-20T15:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque\" \/>\n<meta name=\"twitter:description\" content=\"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque","description":"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/","og_locale":"fr_FR","og_type":"article","og_title":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque","og_description":"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.","og_url":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/","og_site_name":"Cryptonews France","article_published_time":"2025-11-20T15:00:00+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_title":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque","twitter_description":"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.","twitter_image":"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#article","isPartOf":{"@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/"},"author":{"name":"Sarah","@id":"https:\/\/cryptonews.com\/fr\/#\/schema\/person\/5401bcfcf49e37c295d47592a5a71275"},"headline":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque","datePublished":"2025-11-20T15:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/"},"wordCount":787,"publisher":{"@id":"https:\/\/cryptonews.com\/fr\/#organization"},"image":{"@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#primaryimage"},"thumbnailUrl":"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg","articleSection":["Actualit\u00e9s Blockchain","News"],"inLanguage":"fr-FR","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cryptonews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/","url":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/","name":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque","isPartOf":{"@id":"https:\/\/cryptonews.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#primaryimage"},"image":{"@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#primaryimage"},"thumbnailUrl":"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg","datePublished":"2025-11-20T15:00:00+00:00","description":"Une campagne active au Br\u00e9sil propage un malware via WhatsApp. Un virus d\u00e9ploie un trojan bancaire capable de viser les portefeuilles crypto.","breadcrumb":{"@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/"]}],"author":[]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#primaryimage","url":"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg","contentUrl":"https:\/\/cimg.co\/wp-content\/uploads\/sites\/3\/2025\/11\/20140757\/1763647676-cryptonews-cover-33.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/cryptonews.com\/fr\/news\/whatsapp-virus-wallets-crypto-bresil\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptonews.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Alerte WhatsApp : un virus siphonne des wallets crypto et des comptes en banque"}]},{"@type":"WebSite","@id":"https:\/\/cryptonews.com\/fr\/#website","url":"https:\/\/cryptonews.com\/fr\/","name":"Cryptonews","description":"","publisher":{"@id":"https:\/\/cryptonews.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptonews.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/cryptonews.com\/fr\/#organization","name":"Cryptonews France","url":"https:\/\/cryptonews.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/cryptonews.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/cryptonews.com\/wp-content\/uploads\/sites\/3\/2023\/09\/4.jpg","contentUrl":"https:\/\/cryptonews.com\/wp-content\/uploads\/sites\/3\/2023\/09\/4.jpg","width":1669,"height":874,"caption":"Cryptonews France"},"image":{"@id":"https:\/\/cryptonews.com\/fr\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts\/174977","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/users\/697"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/comments?post=174977"}],"version-history":[{"count":1,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts\/174977\/revisions"}],"predecessor-version":[{"id":174979,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts\/174977\/revisions\/174979"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/media\/174978"}],"wp:attachment":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/media?parent=174977"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/categories?post=174977"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/tags?post=174977"},{"taxonomy":"editors","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/editors?post=174977"},{"taxonomy":"sponsored_companies","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/sponsored_companies?post=174977"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}