Trend Micro warns of SORVEPOTEL, a WhatsApp-targeting malware that spreads ZIP files via WhatsApp Web, spamming contacts and risking account bans. Tips inside.
© E. Vartanyan
Cybersecurity researchers at Trend Micro have warned about a new malicious campaign targeting WhatsApp users. The malware, known as SORVEPOTEL, doesn’t steal personal data but can put the user’s account itself at risk.
The infection method is straightforward yet effective. A victim receives a message with a ZIP archive disguised as a document—such as a payment order or a medical certificate. Opening the file on a computer triggers the installation of malicious software. If WhatsApp Web is active on the infected device, the malware automatically sends the same file to all contacts and group chats.
The main threat isn’t data theft, but a mass spam blast that could lead to an account being blocked for violating WhatsApp’s rules. It’s a telling reminder of how routine habits meet social engineering: a familiar-looking attachment, one careless click, and the problem multiplies.
Experts recommend avoiding suspicious attachments, even if they appear to come from people you know. If such an archive shows up, the safest move is to delete the message immediately and run an antivirus scan.