Elastic Security — TCLBanker Banking Trojan Distributed via Trojanized AI Prompt Builder
AI relevance: Attackers are weaponizing the popularity of AI assistant tools by distributing a sophisticated banking trojan through a trojanized "Logitech AI Prompt Builder" MSI installer, using the legitimate application as a DLL side-loading decoy.
What happened
- Elastic Security Labs discovered TCLBanker, a new banking trojan targeting 59 banking, fintech, and cryptocurrency platforms, primarily in Brazil.
- The malware is delivered via a trojanized MSI installer for "Logitech AI Prompt Builder" — a real AI-powered productivity tool — and loads via DLL side-loading within the legitimate Logitech application context to evade detection.
- The trojan polls the browser address bar once per second using Windows UI Automation APIs and activates when a victim visits one of the targeted financial sites.
- Upon detection, it establishes a WebSocket C2 session and enables full remote control: screen streaming, keylogging, clipboard hijacking, shell commands, and remote mouse/keyboard control.
- TCLBanker deploys a WPF overlay system that renders fake credential prompts, PIN keypads, bank support screens, and fake Windows Update dialogs on top of legitimate banking sites.
- The malware includes worm modules for WhatsApp and Outlook that autonomously propagate by hijacking authenticated WhatsApp Web sessions (via Chromium IndexedDB data) and abusing Outlook COM automation to send phishing emails from the victim's own account.
- It features environment-dependent payload decryption that fails in sandboxes, and a watchdog thread that hunts for analysis tools (x64dbg, IDA, Frida, Ghidra, ProcessHacker).
- Elastic notes code artifacts suggest AI was used in the malware's development, though individual features aren't particularly advanced.
- TCLBanker is considered a major evolution of the older Maverick/Sorvepotel malware family, bringing enterprise-grade capabilities to lower-tier cybercriminals.
Why it matters
This is the latest in a growing pattern of threat actors weaponizing AI tool popularity for initial access — alongside fake Claude AI sites and trojanized AI coding assistants. As AI tools proliferate, attackers are exploiting user trust in the AI ecosystem to deliver malware. The WhatsApp/Outlook self-spreading capability means a single infection can rapidly cascade through a victim's contact network, amplifying impact beyond the initial target.
What to do
- Verify AI tool installers come from official vendor channels; avoid third-party download sites and sponsored search results.
- Monitor for DLL side-loading indicators: unsigned DLLs loaded alongside signed legitimate executables in Startup folders.
- Block or alert on WhatsApp Web IndexedDB access by unauthorized processes.
- Restrict Outlook COM automation for non-interactive sessions where possible.
- Scan for indicators published by Elastic Security Labs, including C2 infrastructure and file hashes.
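One way to implement the Startup-folder side-loading check above, as an added PowerShell example that is not code from Elastic's report: it resolves each Startup shortcut to its target, keeps only executables with a valid Authenticode signature, and lists any unsigned DLL sitting in the same directory. The folder locations are the standard Windows Startup folders; the output fields are an assumption of this example.

```powershell
# Added example (not from the Elastic report): flag Startup entries whose target EXE
# carries a valid Authenticode signature while a DLL in the same directory does not,
# the pattern the report describes for the trojanized installer.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$shell = New-Object -ComObject WScript.Shell

function Get-StartupTarget {
    param([System.IO.FileInfo]$Item)
    # Shortcuts are resolved to their target path; anything else is returned as-is.
    if ($Item.Extension -ieq '.lnk') {
        return $shell.CreateShortcut($Item.FullName).TargetPath
    }
    return $Item.FullName
}

function Test-Signed {
    param([string]$Path)
    # Only a fully valid chain counts; NotSigned, HashMismatch and UnknownError are all "unsigned".
    return (Get-AuthenticodeSignature -FilePath $Path).Status -eq 'Valid'
}

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($item in Get-ChildItem -Path $dir -File) {
        $target = Get-StartupTarget $item
        if (-not $target -or $target -notmatch '\.exe$' -or -not (Test-Path $target)) { continue }
        if (-not (Test-Signed $target)) { continue }   # only signed host executables are of interest

        # Every unsigned DLL next to a signed EXE is a side-loading candidate worth triage.
        $dllDir = Split-Path -Parent $target
        foreach ($dll in Get-ChildItem -Path $dllDir -Filter '*.dll' -File -ErrorAction SilentlyContinue) {
            if (-not (Test-Signed $dll.FullName)) {
                [pscustomobject]@{
                    StartupItem = $item.Name
                    SignedExe   = $target
                    UnsignedDll = $dll.FullName
                    DllModified = $dll.LastWriteTime
                }
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

Some legitimate vendors ship unsigned helper DLLs, so treat each hit as a triage lead and compare the DLL's hash and timestamp against the vendor's release rather than as a confirmed infection.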