Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users | Trend Micro (US)
Oct. 6, 2025, 7:09 p.m.
Description
SORVEPOTEL has been observed to spread across Windows systems through convincing phishing messages with malicious ZIP file attachments. Interestingly, the phishing message that contains the malicious file attachment requires users to open it on a desktop, suggesting that threat actors might be more interested in targeting enterprises rather than consumers. Once opened, the malware automatically propagates via WhatsApp Web, causing infected accounts to be banned due to excessive spam activity.
Tags
Date
- Created: Oct. 6, 2025, 6:55 p.m.
- Published: Oct. 6, 2025, 6:55 p.m.
- Modified: Oct. 6, 2025, 7:09 p.m.
Indicators
Additional Information
- Construction
- Crypto
- Technology
- Financial
- Education
- Government
- Manufacturing
- Brazil