Start for Free

Hackers Unleash TCLBanker Trojan, Targeting Banking, Fintech, and Crypto Platforms for Credential Theft

Published on May 16, 2026

Categories: Cybersecurity Fintech Security Breach

A new report highlights a significant cybersecurity threat: the TCLBanker trojan, an evolution of older malware like Maverick and Sorvepotel. This sophisticated malware is actively targeting 59 banking, fintech, and cryptocurrency platforms, spreading through popular applications like WhatsApp and Outlook via compromised Microsoft installation packages. The primary objective is to steal sensitive credentials, PINs, and other vital information from Windows systems, posing a widespread risk across the financial and digital asset ecosystems.

Hackers are reportedly targeting 59 banking, fintech and cryptocurrency platforms while spreading through popular applications such as WhatsApp and Outlook. A trojan called TCLBanker is hitting Windows systems through tainted Microsoft installation packages, reports BleepingComputer. It was discovered by Elastic Security Labs, whose researchers believe it is a major evolution of the older Maverick and Sorvepotel.

Sentiment Snapshot

AI-powered sentiment analysis for coins mentioned in this briefing.

Social Media Prompt

A digital illustration depicting a cyberattack with a trojan horse icon in the center, surrounded by interconnected symbols of banks, fintech apps, and generic cryptocurrency icons. Dark, binary code streams in the background, with red lines indicating malicious activity. The overall tone is urgent and high-tech.