WhatsApp Hit with Self-Propagating Malware

A new self-propagating malware is spreading throughout WhatsApp. It’s called SORVEPOTEL, and it’s trying to spread to as many systems as possible using clever, trusted-looking phishing messages.

In this blog, we’ll cover how SORVEPOTEL works, what it aims to do, and how you can stay safe from phishing campaigns just like this one.

The Hack

A message appears in your inbox. It might come from a co-worker, a friend, or a family member. Either way, the sender is likely someone already on your contact list, and they’ll be trying to get you to open a zip file on your desktop computer (not your phone). Once opened, the file installs malware that embeds itself deep in your computer and begins collecting information from your machine. It can:

  • Take screenshots
  • Log keystrokes
  • Inject code
  • Block keyboard and mouse input
  • List installed applications
  • Deliver fake alerts to steal credentials and authentication codes

While this is happening, the malware will also hijack your WhatsApp account. Just as the original message reached you, the malware will send the same malicious zip file to all of your contacts and groups. And from there, the cycle repeats.

These spam messages often lead to the victim’s account being suspended or banned under WhatsApp’s terms of service. But by then, the damage has already been done.

Who It’s Targeting

Right now, the SORVEPOTEL WhatsApp malware campaign is focused primarily on Brazil. Specifically, it’s targeting WhatsApp accounts in government agencies, public services, manufacturing, technology, education, and construction.

The fact that victims are instructed to open the file on desktop systems suggests that attackers are focusing on business environments, where WhatsApp might be used on work computers.

And while Brazil may seem far away, that doesn’t mean you should rest easy. If this attack is working for one group of cybercriminals, it can work for another – all a different group of hackers needs to do is change the language.

What’s happening in Brazil could easily happen at home.

Why This Is Dangerous

Beyond the obvious – the credential stealing, malware spreading, and account bans – there’s more to this hack that makes it particularly unsettling for security experts.

This attack is mostly hands-off for the hackers.

Once launched, the malware spreads automatically through trusted WhatsApp contacts and accounts. Like tipping the first domino in a line, SORVEPOTEL knocks down account after account, reaping credentials along the way.

It’s a grim reminder that even our most trusted collaboration tools are far from safe and require just as much discipline and cyber awareness as any other part of your security strategy.

What You Can Do

Just like with any phishing attempt, it’s important to stay alert.

  • Be cautious with attachments: Don’t open zip files or other attachments unless you’re absolutely sure they’re legitimate.
  • Confirm through another channel: If something seems off, even if it’s from someone you trust, reach out another way to confirm the message is legitimate.
  • Watch for urgency or odd language: Cybercriminals love to use words and terms like “urgent,” “alert,” or “act now” to get users to act in a panic. If you are suddenly sent an “urgent” message, you should consider it with healthy skepticism.
  • Update your applications and security features: Security features are constantly being improved to combat new threats. Make sure your apps (like WhatsApp) are regularly updated so you benefit from the latest security patches.
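
For readers who manage work computers, here is one way to look inside a zip attachment before anyone opens it. This is an added example, not part of the original post and not taken from any SORVEPOTEL analysis: it lists an archive's contents without extracting them and flags file types that run code on Windows. The extension lists and function names are assumptions chosen for illustration, since the post does not say what the malicious zip contains.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions that run code when double-clicked on Windows.
# The post does not say what the zip contains, so this list is illustrative.
RISKY_EXTENSIONS = {".lnk", ".exe", ".scr", ".bat", ".cmd", ".ps1",
                    ".vbs", ".js", ".hta", ".msi"}
NESTED_ARCHIVES = {".zip", ".7z", ".rar", ".iso"}


def triage_zip(source):
    """List findings for a zip (path or file object) without extracting it."""
    findings = []
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            if last in RISKY_EXTENSIONS:
                findings.append((info.filename, "runs code when opened"))
                # e.g. "invoice.pdf.lnk": Windows can hide the final extension
                if len(suffixes) > 1:
                    findings.append((info.filename, "double extension"))
            elif last in NESTED_ARCHIVES:
                findings.append((info.filename, "nested archive"))
            if info.flag_bits & 0x1:  # bit 0 of the zip flags = encrypted
                findings.append((info.filename, "password-protected member"))
    return findings


def build_sample_zip(names):
    """Constructed sample: an in-memory zip whose members hold placeholder text."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    sample = build_sample_zip(["notes/readme.txt", "receipt.pdf.lnk", "more.zip"])
    for name, reason in triage_zip(sample):
        print(f"{name}: {reason}")
```

An empty result only means none of these checks fired; it does not show that the attachment is safe to open.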

Personal discipline and awareness are your best defense against phishing, but having experts on your side can make a massive difference.

At The 20 MSP, we provide 24/7/365 support, top-tier security solutions, and security training programs. Keeping our clients not just protected, but in the know, is just one of the many things we offer – all under one flat-rate fee.

Ready to have an expert watch your back? Reach out today.

About The 20 MSP

As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, including single and multi-location organizations, delivering white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth.