Water Saci Campaign Uses AI-Converted Python Scripts to Deliver Banking Trojans via WhatsApp in Brazil
Trend Micro reveals Water Saci threat actors are using AI-driven code conversion to rapidly evolve malware delivery, shifting from PowerShell to Python scripts to spread banking trojans via WhatsApp in Brazil.

Trend Micro researchers have uncovered a significant evolution in the Water Saci campaign targeting Brazilian users, where threat actors are leveraging artificial intelligence to convert their malware propagation scripts from PowerShell to Python. This shift, detailed in a December 2, 2025 report, enables faster development cycles, broader browser compatibility, and enhanced error handling, allowing attackers to accelerate the delivery of banking trojans through WhatsApp messages.
The attack chain begins with victims receiving messages from compromised contacts containing malicious attachments in multiple formats, including ZIP archives, PDF documents, and direct HTA files. The HTA files, often named with a pattern like A-{random characters}.hta, execute embedded Visual Basic scripts immediately upon opening. These scripts use two layers of obfuscation before creating a batch file at C:\temp\instalar.bat, which connects to a command-and-control server to download an MSI installer and a Python automation script.
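The chain above yields several host-observable artefacts a defender can key on without any network indicators: an `.hta` attachment named `A-{random}.hta` arriving from web.whatsapp.com, that HTA being launched (on Windows, HTA files are executed by `mshta.exe`), and the batch file `C:\temp\instalar.bat` being written by that same process. The following Python script is an added example written for this page, not code from Trend Micro or from the report; it runs a few such rules over a constructed, simplified endpoint event stream (a Sysmon-like mix of download, process-creation and file-creation records) and correlates the HTA launch with the batch-file drop. The event schema, the `mshta.exe` assumption and the use of a bare `pid` for parent correlation are all simplifications chosen for illustration; real telemetry would use process GUIDs and the EDR's own field names.

```python
import re
from dataclasses import dataclass

# Indicators taken from the reported chain: the HTA naming pattern
# (A-{random characters}.hta), the dropped batch file path and the
# delivery host seen in telemetry.
HTA_NAME = re.compile(r"(?:^|\\)A-[A-Za-z0-9]+\.hta\b", re.IGNORECASE)
STAGER_BAT = r"c:\temp\instalar.bat"
DELIVERY_HOST = "web.whatsapp.com"

# Constructed sample events (not real telemetry). One infection sequence
# followed by two benign records that must not trigger anything.
SAMPLE_EVENTS = [
    {"type": "file_download", "path": r"C:\Users\ana\Downloads\A-k9fD3x.hta",
     "origin": "web.whatsapp.com"},
    {"type": "process_create", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\ana\Downloads\A-k9fD3x.hta"', "pid": 4120},
    {"type": "file_create", "path": r"C:\temp\instalar.bat", "pid": 4120},
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\temp\instalar.bat", "pid": 4133},
    {"type": "file_download", "path": r"C:\Users\ana\Downloads\invoice.pdf",
     "origin": "mail.example.com"},
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt", "pid": 5000},
]


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    detail: str


def detect(events):
    """Apply the chain rules to an ordered list of events and return findings."""
    findings = []
    # pids of mshta.exe processes that launched a campaign-style HTA; used to
    # correlate the later batch-file drop back to the HTA stage (assumes the
    # event source exposes the writing process's pid).
    hta_pids = set()

    for ev in events:
        kind = ev.get("type")
        if kind == "file_download":
            path = ev.get("path", "")
            if ev.get("origin", "").lower() == DELIVERY_HOST and path.lower().endswith(".hta"):
                # Any HTA pulled from the WhatsApp web host is worth a look; the
                # reported naming pattern raises it to high.
                sev = "high" if HTA_NAME.search(path) else "medium"
                findings.append(Finding("hta_from_whatsapp", sev, path))
        elif kind == "process_create":
            image = ev.get("image", "").lower()
            cmd = ev.get("cmdline", "")
            if image.endswith("\\mshta.exe") and HTA_NAME.search(cmd):
                hta_pids.add(ev.get("pid"))
                findings.append(Finding("mshta_hta_launch", "high", cmd))
            elif STAGER_BAT in cmd.lower():
                findings.append(Finding("instalar_bat_exec", "high", cmd))
        elif kind == "file_create":
            path = ev.get("path", "")
            if path.lower() == STAGER_BAT:
                findings.append(Finding("instalar_bat_drop", "high", path))
                if ev.get("pid") in hta_pids:
                    findings.append(Finding(
                        "hta_to_bat_chain", "critical",
                        f"pid {ev.get('pid')} launched an A-*.hta and then wrote {path}"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity:8}] {f.rule}: {f.detail}")
```

The correlation rule (`hta_to_bat_chain`) is the one worth alerting on by itself: the individual signals (an `.hta` download, an `mshta.exe` launch, a file under `C:\temp`) each have benign explanations, but one process exhibiting the first two and then writing the exact stager path described in the report is specific to this chain. The file-name and path constants are the brittle part; the attackers can rename either, so treat them as the lowest-effort layer and keep the behavioural rule (HTA host process writing and then executing a batch file) as the durable one.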
The MSI package serves as the primary vehicle for delivering the banking trojan payload. It contains several components, including an AutoIt interpreter, a compiled AutoIt script, and encrypted PE payloads. The infection chain leverages multiple file formats and scripting languages to evade simple pattern-based detection and complicate analysis. Trend Micro notes that the attackers have demonstrated an accelerated development pipeline, transitioning from PowerShell-based propagation to Python, which suggests the use of large language models (LLMs) to convert their scripts.
Evidence of AI-assisted development includes the Python variant's capabilities for batch messaging, improved error handling, and enhanced console output — features that would be time-consuming to implement manually. This marks a notable advancement in offensive AI use, where attackers are not just using AI for social engineering but for actual code generation and conversion to bypass security controls.
The campaign primarily targets Brazilian users through WhatsApp, exploiting trust in compromised contacts. The multi-format approach — using ZIP, PDF, and HTA files — allows attackers to adapt to different user behaviors and security configurations. Trend Micro's telemetry shows files being downloaded directly from web.whatsapp.com, indicating the attackers are leveraging the platform's own infrastructure for delivery.
Trend Vision One detects and blocks the indicators of compromise associated with this campaign. The researchers emphasize that as adversaries incorporate AI into their toolchains, organizations must prepare for more agile and technically complex threats. The Water Saci campaign exemplifies how legitimate platforms like WhatsApp are increasingly exploited to reach specific geographic targets with sophisticated, layered attacks.