Maverick Trojan spreading via WhatsApp Web ZIP archives
Researchers track Maverick Trojan spreading via WhatsApp Web ZIP archives, hijacking banking pages, eyeing Brazil, and using centralized control. Stay safe.
© E. Vartanyan
Cybersecurity specialists are tracking a fresh wave of attacks: a Trojan known as Maverick is spreading through ZIP archives sent to contacts via WhatsApp Web. Inside the archive sits a shortcut that launches a script, which then triggers a chain of components to conceal its activity and install the malware. Researchers describe a multi-step playbook: it disables built-in protections, starts a loader, and checks regional settings before activating the core module. The progression looks deliberate, suggesting a campaign that values stealth as much as reach.
Maverick can monitor active browser tabs, swap out pages for banking sites and other services, take screenshots, and execute arbitrary commands at the operators’ direction. Experts have also observed a broader target list: beyond financial institutions, the Trojan is now eyeing the hospitality sector in Brazil. Analysts attribute the operation to a capable group that has significantly upgraded its management and delivery tools. The shift reads less like a one-off experiment and more like a plan to diversify pressure points.
The hallmark of this latest wave is a centralized control mechanism that lets attackers coordinate mailings and push malware updates with notable flexibility. Companies and individual users alike are urged to treat attachments with care, keep security updates enabled, and rely on reputable antivirus solutions. In practice, disciplined routine remains the simplest way to blunt tactics that are designed to exploit everyday habits.
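A triage check for the delivery step described above, a ZIP archive carrying a Windows shortcut, is sketched here as an added example; it is not code from the researchers or from the campaign. It flags archive members that are shortcuts by extension or by the Shell Link file header, so a renamed shortcut or one tucked into a nested archive is still caught; the depth and size limits and all sample names are assumptions.

```python
import io
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_DEPTH = 3                  # assumption: nesting levels worth unpacking
MAX_NESTED = 20 * 1024 * 1024  # assumption: skip nested archives above 20 MiB


def find_shortcuts(data, depth=0, prefix=""):
    """List ZIP members that are shortcuts by extension or by file header."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            try:
                with archive.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                head = b""  # encrypted or unreadable member: judge by name only
            if info.filename.lower().endswith(".lnk") or head == LNK_MAGIC:
                hits.append(path)
            elif (head.startswith(b"PK\x03\x04") and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED):
                hits += find_shortcuts(archive.read(info), depth + 1, path + "!")
    return hits


def build_sample():
    """Constructed test archive; names and contents are not from the campaign."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("nested/shortcut.lnk", LNK_MAGIC + bytes(56))
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "plain text")
        z.writestr("document.pdf.lnk", LNK_MAGIC + bytes(56))
        z.writestr("picture.jpg", LNK_MAGIC + bytes(56))  # shortcut renamed
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for name in find_shortcuts(build_sample()):
        print("shortcut in archive:", name)
```

A hit is a reason to quarantine the attachment for review rather than proof of this Trojan, since the check looks only at file type and not at what the shortcut launches.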