Introduction
A new self-propagating malware, dubbed SORVEPOTEL, has emerged in Brazil, explicitly targeting users of the widely used messaging app WhatsApp. Unlike typical malware that focuses on data theft or ransomware, SORVEPOTEL thrives on propagation, making it essential for IT professionals to stay vigilant.
Key Details
- Who: Trend Micro researchers uncovered SORVEPOTEL.
- What: This malware spreads via phishing messages containing malicious ZIP file attachments.
- When: The campaign has been active recently, with most incidents noted in October 2025.
- Where: The majority of infections (457 out of 477) are located in Brazil, affecting various sectors, including government and technology.
- Why: Designed for rapid distribution, SORVEPOTEL leverages trust in WhatsApp, coaxing users into executing a Windows shortcut file that downloads further malicious components.
- How: Once activated, the malware abuses WhatsApp Web to spread itself from the infected account to that account's contacts, generating so much spam that the account is banned.
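Because the infection chain above starts with a ZIP attachment carrying a Windows shortcut, a mail or chat gateway can flag such archives before a user opens them. The following check is an added example, not code from Trend Micro or the original article; it identifies shell-link members by their fixed header (size field 0x4C followed by the ShellLink CLSID) rather than by extension, and the sample archive it builds is constructed for the demonstration.

```python
import io
import zipfile

# Every Windows shell link (.lnk) starts with HeaderSize 0x0000004C followed
# by the ShellLink CLSID {00021401-0000-0000-C000-000000000046}, little-endian.
LNK_MAGIC = bytes.fromhex("4C000000") + bytes.fromhex("0114020000000000C000000000000046")


def find_shortcut_members(zip_bytes: bytes) -> list[str]:
    """Return the names of archive members that are Windows shortcut files.

    A member is flagged if its content begins with the shell-link header or
    its name ends in .lnk, so a shortcut renamed to look like a document is
    still caught. Directories are skipped.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))
            if head == LNK_MAGIC or info.filename.lower().endswith(".lnk"):
                hits.append(info.filename)
    return hits


def build_sample_archive() -> bytes:
    """Constructed sample (not a real SORVEPOTEL artifact): a ZIP holding one
    harmless text file, one openly named .lnk, and one shortcut disguised
    under a document-looking name. The shortcut bodies are zero padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "just text")
        zf.writestr("invoice.lnk", LNK_MAGIC + b"\x00" * 32)
        zf.writestr("document.pdf", LNK_MAGIC + b"\x00" * 32)
    return buf.getvalue()


if __name__ == "__main__":
    flagged = find_shortcut_members(build_sample_archive())
    print("shortcut members:", flagged)
```

A gateway rule can quarantine any inbound archive for which this function returns a non-empty list.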
Why It Matters
The SORVEPOTEL campaign reflects a growing trend where threat actors exploit popular communication platforms for fast, widespread attacks. For IT infrastructure, this raises critical concerns around:
- Enterprise Security: Increased risks of malware entering corporate environments, especially if employees use personal messaging apps for work-related communication.
- Compliance: Organizations must ensure adherence to security protocols to mitigate the risk of such attacks.
- Network Management: Administrators should be aware of how malware can disrupt normal operations and lead to account suspensions.
Takeaway for IT Teams
IT teams should prioritize educating employees about phishing risks and implement robust security measures around messaging platforms. Additionally, consider restricting the use of WhatsApp for work purposes to minimize potential threats from self-propagating malware like SORVEPOTEL.