GANA Payment loses $3M in hack as WhatsApp Eternidade Stealer spreads in Brazil


On Thursday, crypto payment infrastructure developer GANA Payment confirmed it had been attacked. The team claims that its "interaction contract" was targeted and says it is investigating the incident together with an external firm.

According to blockchain sleuth ZachXBT, GANA lost more than $3 million worth of crypto assets.

"The attacker deposited 1140 BNB ($1.04M) to [the Tornado mixer] on BSC and bridged funds to Ethereum, where another 346.8 ETH ($1.05M) was deposited to Tornado. 346 ETH ($1.046 million) currently sits dormant on Ethereum," the analyst said.

While GANA promises to "activate a comprehensive project reboot plan," some commenters doubt that the "interaction contract" was targeted, arguing that the most likely cause of the theft is the leak of private keys that gave access to the now-stolen funds.

The price of the GANA token crashed by 99% in a day.

Meanwhile, in a separate story, Trustwave SpiderLabs researchers reported finding Eternidade Stealer, a cryptoasset-stealing trojan that targets Brazilian users and is distributed via WhatsApp.

The malware steals a victim's entire WhatsApp contact list and then messages every contact, sending a personalized greeting, a malicious file, and a follow-up message, while also trying to avoid detection.

The malicious code scans active windows and running processes for strings associated with crypto platforms, Brazilian banking portals, and fintech services.

"When it detects a match, for example, a window title or process name linked to Bradesco, BTG Pactual, Binance, Coinbase, MetaMask, Trust Wallet, or another financial brand, the malware immediately decrypts and activates its next-stage payload," the researchers said, adding that malicious components lie dormant until the victim opens a targeted application.

According to SpiderLabs, Eternidade Stealer highlights two concerning trends: the growing use of WhatsApp as a distribution vector, and the malware’s continued development, including dynamic IMAP (Internet Message Access Protocol)-based C2 (Command and Control) retrieval, improved evasion techniques, and geofencing to target Brazilian victims.

