Brazil Battles Widespread Malware Attack, Sorvepotel
Brazil is grappling with a widespread malware attack, dubbed Sorvepotel, which has infected over 450 computers, predominantly in government and public service sectors. The campaign, concentrated in Brazil, has so far not resulted in large-scale data theft or ransomware encryption, but similar techniques have been employed in previous Brazilian cyberattacks.
The malware spreads through phishing messages carrying a zip file disguised as a legitimate document. Once executed, it checks whether WhatsApp Web is active on the infected machine and automatically sends the same zip file to all of the victim's contacts and group chats. The organizations most affected are government agencies, educational institutions, technology companies, and manufacturing firms, with a particular concentration in corporate networks that use WhatsApp's desktop or browser versions for business communication. The malware targets Windows computers and requires the user to open the attachment on a desktop machine, so mobile users who only receive the message are not infected. Two related payloads have been identified: Maverick.StageTwo and Maverick.Agent, which are capable of stealing credentials and displaying fake overlay windows. The attackers' goal appears to be the delivery of further malware, typically a payload that harvests banking information.
Earlier this week, hackers stole over 5 million reals (about $939,000) from municipal bank accounts in Monte Sião. In July, a software company employee was arrested for helping steal over $100 million through Brazil's instant payment system, PIX.
The Sorvepotel malware attack in Brazil is a reminder of the ongoing threat posed by cybercriminals. With the increasing use of instant messaging platforms for business communication, organizations must remain vigilant against phishing attempts and ensure robust security measures are in place to protect sensitive data.