Malware on WhatsApp: New scam threatens companies and banks in Brazil

A new WhatsApp malware campaign called Water Saci is attracting the attention of cybersecurity experts because it is spreading malware identified as SORVEPOTEL, a threat that propagates automatically through WhatsApp Web, especially affecting Brazilian users and companies.

The attack begins when the victim receives a message with a malicious ZIP file, which contains a disguised shortcut (.LNK). Opening the file compromises the system, allowing the malware to automatically send the same file to all of the victim’s contacts and groups, creating a large-scale infection chain.
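The delivery step described above can be checked at a mail or messaging gateway before the archive reaches a user. The following is an added example, not code from Trend Micro or Tuvis: it flags ZIP entries that are Windows shortcuts, either by extension or by the fixed shell-link header. The entry names and sample archive are constructed for illustration.

```python
import io
import zipfile

# First 20 bytes of every Windows shortcut: HeaderSize 0x4C + LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries that warrant blocking."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Windows hides the .lnk extension, so "receipt.pdf.lnk" shows as "receipt.pdf".
            if name.lower().endswith(".lnk"):
                findings.append((name, "shortcut extension"))
                continue
            if info.flag_bits & 0x1:  # content cannot be read without a password
                findings.append((name, "encrypted entry, cannot inspect"))
                continue
            with archive.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                findings.append((name, "shortcut header under another extension"))
    return findings

def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from constructed sample entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: two inert shortcut headers (no target data) and a benign note.
SAMPLE = build_sample_zip({
    "receipt.pdf.lnk": LNK_MAGIC + b"\x00" * 56,
    "invoice.pdf": LNK_MAGIC + b"\x00" * 56,
    "readme.txt": b"constructed benign text",
})

if __name__ == "__main__":
    for name, reason in inspect_zip_attachment(SAMPLE):
        print(f"BLOCK {name}: {reason}")
```
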

According to the Trend Micro report, more than 95% of infections were detected in Brazil, and the main targets are banks, fintechs and companies that handle sensitive financial information.

What can SORVEPOTEL malware do?

This new type of malware via WhatsApp is not just a common virus. It is designed to steal sensitive data and compromise victims’ financial security. Its main capabilities include:

  • Theft of banking credentials and passwords;
  • Interception of QR codes and two-factor authentication;
  • Screen capture and keylogging;
  • Displaying fake bank pages to collect confidential data;
  • Persistence in the system, allowing remote control and continuous information theft.

In addition to impacting individual users, this type of attack represents a real risk for companies that use WhatsApp in their corporate communication flows.

The Challenge: WhatsApp as a Vector of Corporate Risk

WhatsApp Web has been a great productivity enabler, but it is also a vulnerable point.

Because it runs directly in the browser, any active session can be exploited by malware that takes advantage of this connection, just like SORVEPOTEL does.

When the corporate environment lacks visibility or control over WhatsApp usage, it opens the door to risks such as:

  • Leakage of confidential information;
  • Chain infection between employees and customers;
  • Compromise of banking credentials and strategic data;
  • Violation of compliance and data protection standards.

How Tuvis protects companies against attacks like SORVEPOTEL

Tuvis is a global leader in security and governance in corporate messaging solutions. With our technologies, companies can protect their communications and data even in high-risk environments, such as WhatsApp.

See how Tuvis helps prevent malware attacks and minimize impacts in 4 steps:

1. Blocking WhatsApp Web

With Tuvis integrations, it is possible to block access to WhatsApp via the browser, allowing use only through the Tuvis corporate application.

This simple measure eliminates the main vector exploited by the SORVEPOTEL malware, which depends on WhatsApp Web to spread.

2. DLP (Data Loss Prevention) Policies

Tuvis offers intelligent data loss prevention rules, which block suspicious attachments, links, and messages before they cause damage.

This way, ZIP files, scripts and other malicious content are automatically detected and blocked.

3. Monitoring and auditing communications

All interactions carried out through the corporate environment are monitored, recorded and auditable, ensuring compliance, governance and traceability. This allows you to detect abnormal behavior, such as mass messaging, and take quick action.

4. Integrations with security platforms

Tuvis is integrated into corporate security solutions, SIEM and CRM, strengthening the protection ecosystem and facilitating incident response.

Prevention is the new priority

Digital attacks are increasingly targeted, rapid, and sophisticated. The case of the SORVEPOTEL WhatsApp malware, part of a campaign called Water Saci, makes it clear that corporate security needs to adapt to new digital behavior, where the personal and the professional blend together in instant communication tools.

Protecting your business isn’t just about blocking threats. It’s about ensuring continuity, trust and compliance in every conversation. At Tuvis, we work every day to ensure that safety and productivity go hand in hand, without compromising the agility that the business world demands.
