The Threat CodexOct 28
Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C
#WaterSaci #SORVEPOTEL
https://www.trendmicro.com/en_us/research/25/j/active-water-saci-campaign-whatsapp-update.html
Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C

Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines.

Trend Micro
CyberVeille.chOct 5, 2025
📢 SORVEPOTEL : un malware auto-propagatif via WhatsApp cible massivement le Brésil
📝 Selon Trend Micro Research, une campagne agressive de malware baptisée SORVEPOTEL exploite WhatsApp comme vect...
📖 cyberveille : https://cyberveille.ch/posts/2025-10-05-sorvepotel-un-malware-auto-propagatif-via-whatsapp-cible-massivement-le-bresil/
🌐 source : https://www.trendmicro.com/en_us/research/25/j/self-propagating-malware-spreads-via-whatsapp.html
#PowerShell #SORVEPOTEL #Cyberveille
SORVEPOTEL : un malware auto-propagatif via WhatsApp cible massivement le Brésil

Selon Trend Micro Research, une campagne agressive de malware baptisée SORVEPOTEL exploite WhatsApp comme vecteur principal d’infection et touche surtout des organisations au Brésil. Le malware se diffuse via des archives ZIP piégées déguisées en documents légitimes envoyées sur WhatsApp (et potentiellement par email). Une fois ouvertes, des fichiers LNK malveillants déclenchent des commandes PowerShell obfusquées (fenêtre cachée et payload Base64) qui téléchargent des scripts depuis une infrastructure d’attaque dédiée. SORVEPOTEL établit une persistance sur Windows et détourne les sessions WhatsApp Web actives pour envoyer automatiquement le ZIP malveillant à tous les contacts et groupes, entraînant une propagation rapide et des bannissements fréquents de comptes.

CyberVeille
Tarnkappe.infoOct 4, 2025
📬 WhatsApp-Malware SORVEPOTEL verbreitet sich selbst über Phishing-Nachrichten
#Cyberangriffe #ITSicherheit #BatchSkript #Brasilien #C2Server #MalwareAngriff #Sorvepotel #TrendMicro #WhatsAppWeb https://sc.tarnkappe.info/df267e
WhatsApp-Malware SORVEPOTEL verbreitet sich selbst über Phishing-Nachrichten

Forscher warnen vor der neuen WhatsApp-Malware „SORVEPOTEL“, die sich über Phishing-Nachrichten verbreitet und viele Geräte verseucht hat.

TARNKAPPE.INFO
ScripterOct 3, 2025
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL thehackernews.com/2025/10/rese... #Cybercrime #Malware #SORVEPOTEL #WhatsApp

Researchers Warn of Self-Sprea...
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

WhatsApp malware SORVEPOTEL infects 477 systems in Brazil, spreading via phishing ZIP files and spamming contacts.

The Hacker News
Scripter Oct 3, 2025
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
https://thehackernews.com/2025/10/researchers-warn-of-self-spreading.html #Cybercrime #Malware #SORVEPOTEL #WhatsApp
The Threat CodexOct 3, 2025
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
#WhatsApp #SORVEPOTEL
https://www.trendmicro.com/en_us/research/25/j/self-propagating-malware-spreads-via-whatsapp.html
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts.

Trend Micro