GANA Payment, a Brazilian digital payments company that supports cryptocurrency transactions, has confirmed a breach that resulted in the loss of more than $3 million. The company said attackers accessed internal systems after targeting users with malware circulated through WhatsApp. According to GANA Payment, the incident began when individuals received messages that appeared to come from trusted contacts and were encouraged to open links or files. These messages delivered a type of credential-stealing malware known as Eternidade Stealer. Once active on a device, the malware attempted to gather information linked to wallets, banking applications and financial accounts.
Investigators said the attackers used stolen credentials to initiate transfers and manipulate wallet activity within the company’s environment. GANA Payment noticed irregular behaviour and began an internal review to determine the scale of the breach. The company said it is working with law enforcement and external specialists to trace the stolen funds and identify how widely the malware spread. Early findings suggest that the stealer also forwarded messages to the contact lists of infected devices, which helped extend its reach. This behaviour made the campaign harder to detect because messages appeared to come from familiar individuals.
Researchers who analysed the malware said it uses a straightforward technique. It relies on social contact and trust within messaging applications rather than technical flaws in the platform. The initial message encourages the user to download a file or open a link, which activates the stealer. The malware then collects stored credentials and attempts to send itself to other contacts. This method has been observed in past campaigns and continues to be effective because users may not expect harmful content from personal contacts.
GANA Payment operates in a sector that handles large transaction volumes and is subject to significant fraud attempts. The company advised users to update their passwords, review account activity and enable additional verification steps to protect financial information. It also warned that individuals should be cautious when receiving messages that encourage the download of files or applications, even if the sender appears familiar. Because digital wallet keys and access codes can be stored on personal devices, the compromise of a single device can have broader consequences.
Security specialists said the incident shows how messaging applications can be used to support financially motivated attacks. Messaging platforms connect wide networks of friends, family and colleagues, which creates opportunities for attackers to spread harmful content quickly. When malware relies on personal trust, it can reach users who may not normally interact with suspicious websites or emails. This makes it important for payment firms and wallet providers to consider how communication habits outside their own systems can affect security.
Industry observers expect continued interest from regulators as cryptocurrency-related breaches draw public attention. Cases such as GANA Payment highlight how personal devices, social messaging and financial platforms intersect. Regulators may examine whether more guidance is needed for companies that process digital assets or rely on mobile-based interactions. For users, the incident reinforces the need to remain careful with unsolicited files, to enable stronger authentication features and to monitor accounts for unusual activity.