A new self-propagating malware called SORVEPOTEL targets Brazilian users by exploiting WhatsApp to spread rapidly across Windows systems. The campaign focuses on speed and propagation rather than data theft or ransomware, mainly affecting government and enterprise sectors. #SORVEPOTEL #WhatsAppMalware
Keypoints
- SORVEPOTEL uses phishing messages with malicious ZIP files to infect Windows systems via WhatsApp.
- The malware spreads automatically through WhatsApp Web when active on an infected device.
- Threat actors also utilize email to distribute malicious ZIP attachments to targeted entities.
- Opening the ZIP file triggers a PowerShell script that downloads additional payloads and establishes persistence.
- The campaign mainly impacts sectors in Brazil, including government, education, and manufacturing.
Read More: https://thehackernews.com/2025/10/researchers-warn-of-self-spreading.html