Cybersecurity experts have raised alarms regarding a new virus, SORVEPOTEL, which is currently making waves on WhatsApp Web. This malware poses a significant risk, potentially leading to the suspension of user accounts due to its ability to generate suspicious or automated behavior. While the majority of reported cases have emerged from Brazil, experts caution that it is only a matter of time before this virus spreads to other regions. To date, 477 computers have been infected, with 457 of those cases rooted in Brazil. Understanding the nature of this virus and how to safeguard against it is crucial for all users.
The virus
SORVEPOTEL distinguishes itself from typical computer viruses that aim to pilfer passwords or financial information. Instead, its primary goal is to propagate uncontrollably among WhatsApp Web users, disrupting systems and networks in the process. Once a computer is infected, the virus leverages WhatsApp Web to disseminate infected files to every contact and group, generating activity that WhatsApp flags as suspicious, ultimately leading to account suspensions.
How the SORVEPOTEL virus is spread
The infection process begins with a phishing message dispatched from an already compromised account, which increases the likelihood of the recipient trusting the content. This message typically contains a ZIP file that masquerades as a legitimate document—such as a payment receipt, invoice, or medical report—while concealing a malicious payload. Within the ZIP file lies a hidden Windows shortcut (.LNK). When the unsuspecting user opens the file, a covert program activates, downloading the virus from the internet and installing it on the computer. Subsequently, the malware is programmed to launch automatically each time the computer is powered on. Once it detects that WhatsApp Web or the desktop application is in use, it begins its disruptive activities.
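One way to check a received ZIP for the hidden shortcut described above before anyone opens it, as an added example that is not code from Trend Micro or the original article. The names `risky_entries`, `build_sample`, `LAUNCHABLE`, `MAX_DEPTH` and `MAX_NESTED_BYTES` are assumptions made for this illustration, and the sample archive is constructed from harmless placeholders.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .lnk is the type this article describes; the other extensions are an
# assumption added here: file types that also launch on double-click in Windows.
LAUNCHABLE = {".lnk", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".scr", ".exe"}
MAX_DEPTH = 3                  # hypothetical limit on nested-archive recursion
MAX_NESTED_BYTES = 20_000_000  # hypothetical cap so a zip bomb is not inflated


def risky_entries(data: bytes, prefix: str = "", depth: int = 0) -> list[str]:
    """List members with a launchable extension; nothing is written or run."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so strip them before matching.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffix = PurePosixPath(name).suffix.lower()
            path = prefix + info.filename
            encrypted = bool(info.flag_bits & 0x1)
            if suffix in LAUNCHABLE:
                findings.append(path)
            elif (suffix == ".zip" and depth < MAX_DEPTH and not encrypted
                  and info.file_size <= MAX_NESTED_BYTES):
                findings += risky_entries(zf.read(info), path + "!", depth + 1)
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless placeholder members, no real shortcut."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("scan/REPORT.PDF.LNK", b"")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4")
        zf.writestr("receipt.pdf.lnk", b"")
        zf.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(risky_entries(build_sample()))
```

Windows hides the `.lnk` extension in Explorer, so a member such as `receipt.pdf.lnk` is displayed as `receipt.pdf`; listing the archive's raw member names is what exposes it.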
How to protect yourself from the virus
Trend Micro has outlined several straightforward measures to help users avoid falling victim to the SORVEPOTEL malware:
- Disable automatic downloads in both WhatsApp Web and the desktop app to prevent files from being saved without your consent.
- Avoid opening ZIP files or attachments from unknown senders, regardless of how trustworthy they may appear.
- Ensure your computer and antivirus software are updated regularly to block the latest malware threats.
- Exercise caution even with messages from friends or colleagues, as their accounts may be compromised without their knowledge.
- Educate employees about online safety to empower them to recognize and prevent such scams.
- Limit file sharing in workplace settings or on remote computers to minimize the risk of virus transmission.
Why the virus is dangerous
Although SORVEPOTEL does not engage in data theft or file blocking, its capacity to spread uncontrollably makes it a significant threat to both individual users and organizations. Experts warn that if preventive measures are not adopted, this malware could evolve into more sophisticated attacks in the future.
What to do if you use WhatsApp Web
Before opening any ZIP file or document, verify that it originates from a trusted source. If you observe any unusual activity on your account, disconnect immediately and conduct a comprehensive antivirus scan on your computer. In today’s technology-driven world, vigilance is essential not only with WhatsApp but across all applications you utilize.