The Reveal Platform
Intel Name: Self-propagating malware spreading via whatsapp, targets brazilian users
Date of Scan: October 6, 2025
Impact: Medium
Summary: SORVEPOTEL has been found spreading across Windows systems, accompanied by a message prompting users to open it on a desktop—indicating that the attackers are likely targeting enterprise environments. The malware exploits active WhatsApp sessions to automatically send the same malicious ZIP file to all contacts and groups linked to the victim’s compromised account, enabling rapid propagation. Its payload is an infostealer specifically aimed at financial institutions and cryptocurrency exchanges within the Brazilian market.
