Elastic Security Labs identified TCLBANKER, a new Brazilian banking trojan distributed via DLL sideloading that features robust anti-analysis mechanisms and environment-gated payload decryption. The malware deploys a full-featured banking trojan with a WPF-based social engineering overlay framework, alongside worm modules that self-propagate by hijacking WhatsApp Web sessions and Microsoft Outlook accounts.