WhatsApp exploited for SORVEPOTEL malware spread

Cyber Security News reports that organizations in Brazil are having their Windows systems targeted with the self-propagating SORVEPOTEL malware through WhatsApp as part of a new phishing campaign.

Attacks commenced with the delivery of phishing emails containing illicit ZIP attachments purporting to be budgets, receipts, and other files seemingly from legitimate institutions, which display a Windows LNK file upon extraction, according to an analysis from Trend Micro.

Executing the LNK file triggers an encoded command that deploys a batch script, which fetches another batch file payload and establishes persistence before checking for active WhatsApp Web sessions, through which SORVEPOTEL automatically propagates.

Such a compromise not only expands SORVEPOTEL's infection rates but also results in accounts being banned for violating the service's terms. Trend Micro researchers noted that the threat of SORVEPOTEL should prompt the implementation of more stringent endpoint security policies and routine user awareness training programs.
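One way a mail gateway or endpoint policy could act on the delivery method described above is to flag ZIP attachments that carry a Windows LNK file, including inside nested archives. This is an added example, not code from Trend Micro or the article; the extension list, limits, function names and sample archives are all assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy for this example: shortcut files are never expected in mail attachments.
BLOCKED_EXTENSIONS = (".lnk",)
MAX_DEPTH = 3                        # do not descend into archives nested deeper than this
MAX_NESTED_BYTES = 20 * 1024 * 1024  # skip oversized inner archives (zip-bomb guard)


def find_blocked_entries(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return the paths of archive members whose name ends in a blocked extension."""
    hits: list[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP archive: nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows ignores trailing dots and spaces, so "x.lnk." still acts as a shortcut.
            name = info.filename.lower().rstrip(". ")
            if name.endswith(BLOCKED_EXTENSIONS):
                hits.append(path)
            elif (name.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += find_blocked_entries(archive.read(info), depth + 1, path + "!")
    return hits


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from name -> content pairs (used only for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: file names and contents are placeholders, not real indicators.
CLEAN = build_sample({"report.pdf": b"%PDF-constructed"})
SUSPECT = build_sample({"ORCAMENTO.pdf.LNK": b"constructed placeholder"})
NESTED = build_sample({"docs/inner.zip": SUSPECT})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT), ("nested", NESTED)):
        print(label, find_blocked_entries(blob))
```

Password-protected inner archives are not handled here; a production policy would normally quarantine those rather than skip them.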
