⚠️ Researchers Warn of Self-Spreading WhatsApp Malware “SORVEPOTEL” Targeting Brazil

Cybersecurity researchers have uncovered a new wave of malware spreading through WhatsApp Web, with a particular focus on Brazilian users. The malware, named SORVEPOTEL by Trend Micro, is designed for speed and mass propagation rather than stealing sensitive data or encrypting files for ransom.

🚨 How SORVEPOTEL Works

  • The attack begins with a phishing message sent from a compromised WhatsApp contact.
  • Victims receive a ZIP file attachment disguised as a receipt, health app file, or other harmless document.
  • Once opened on a Windows desktop, the ZIP contains a Windows shortcut (LNK) which, when launched, silently runs a PowerShell script.
  • This script fetches the main malware payload from an external server and establishes persistence by copying it into the Windows Startup folder.

From there, the malware actively checks if WhatsApp Web is running. If so, it automatically sends the malicious ZIP file to all contacts and groups, causing rapid spread. This aggressive spamming often results in the victim’s account being banned or suspended by WhatsApp for violating its terms of service.
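As an added example, not taken from the article or from Trend Micro's report, here is a Python check that an attachment gateway or mail filter could run over an incoming ZIP to flag the archive-with-shortcut pattern described above: an LNK member (identified by its header, not just its name), a double extension posing as a receipt, and shortcut bytes that reference PowerShell. The member names, the sample shortcut bytes and the keyword list are constructed assumptions for the demo.

```python
import io
import re
import zipfile

# ShellLinkHeader: HeaderSize 0x4C followed by LinkCLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
# Keywords worth flagging in a shortcut's target/arguments (assumed list, extend to taste)
SUSPICIOUS = [b"powershell", b"cmd.exe", b"-enc", b"downloadstring", b"invoke-expression"]
DOUBLE_EXT = re.compile(r"\.(pdf|jpe?g|png|docx?|xlsx?)\.[a-z0-9]{1,4}$", re.I)


def _contains(data: bytes, needle: bytes) -> bool:
    """Case-insensitive search; LNK strings may be stored as ANSI or UTF-16LE."""
    low = data.lower()  # lowercases ASCII bytes only, so UTF-16LE text still matches
    return needle in low or needle.decode().encode("utf-16-le") in low


def inspect_zip(blob: bytes) -> list:
    """Return (member name, reason) findings for an in-memory ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/"):
                continue  # directory entry
            data = zf.read(info)[:65536]  # header and argument strings sit near the start
            is_lnk = data.startswith(LNK_MAGIC)
            if is_lnk or name.lower().endswith(".lnk"):
                findings.append((name, "Windows shortcut (LNK) inside archive"))
            if DOUBLE_EXT.search(name):
                findings.append((name, "double extension hides the real file type"))
            if is_lnk:
                for needle in SUSPICIOUS:
                    if _contains(data, needle):
                        findings.append((name, f"shortcut references {needle.decode()!r}"))
    return findings


def build_sample(with_lnk: bool = True) -> bytes:
    """Constructed sample: a ZIP posing as a receipt ('comprovante') with a shortcut-like member."""
    # Fake shortcut: valid header bytes, padding, then a UTF-16LE command line (benign on purpose)
    fake_lnk = LNK_MAGIC + b"\x00" * 56 + "powershell.exe -w hidden -c Write-Host".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_lnk:
            zf.writestr("comprovante.pdf.lnk", fake_lnk)
        zf.writestr("readme.txt", b"benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip(build_sample()):
        print(f"{member}: {reason}")
```

In production the header check matters more than the name check, since an attacker controls the name but a shortcut Windows will actually follow must carry the ShellLinkHeader.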

🎯 Who Is Being Targeted?

So far, 457 of 477 infections have been recorded in Brazil, impacting sectors such as:

  • Government
  • Public services
  • Manufacturing
  • Technology
  • Education
  • Construction

Researchers believe the campaign may be more enterprise-focused, since the malware specifically requires victims to open attachments on desktops rather than mobile devices.

🛠 Attack Infrastructure

The campaign also involves:

  • CIS Build Kits to deliver malicious ZIP files.
  • Email-based phishing using legitimate-looking email addresses.
  • A command-and-control (C2) server that can deliver further instructions or components.

The domain sorvetenopoate[.]com has been linked to the malware’s infrastructure.

🔑 Key Takeaways

  • SORVEPOTEL is not stealing data or encrypting systems—its primary goal is self-spreading via WhatsApp Web.
  • It highlights how attackers are increasingly abusing popular communication platforms for rapid, large-scale malware distribution.
  • Opening suspicious ZIP attachments, even from trusted contacts, can trigger infection.

🛡️ How to Stay Safe

  • Do not open unexpected ZIP attachments on WhatsApp or email—even from known contacts.
  • Verify file sources before downloading or executing.
  • Keep Windows security patches and antivirus solutions up to date.
  • Be cautious when using WhatsApp Web on desktops, especially in work environments.

The SORVEPOTEL campaign serves as a reminder that social engineering + trusted platforms = powerful attack vectors. As messaging apps become essential for business communication, organizations must remain vigilant against phishing-based malware outbreaks.
