Malware alert infographic: WhatsApp icon with hijack arrows to bank credentials; protective shields for MFA and antivirus, with "Secure Your Messages" warning banner over a smartphone.

Maverick, a banking malware similar to Coyote, spreads via WhatsApp Web using SORVEPOTEL to hijack browser sessions and distribute ZIP files. It targets Brazilian users, monitoring banking URLs and stealing credentials through phishing pages.

Malware alert infographic: WhatsApp icon with hijack arrows to bank credentials; protective shields for MFA and antivirus, with "Secure Your Messages" warning banner over a smartphone.Malware alert infographic: WhatsApp icon with hijack arrows to bank credentials; protective shields for MFA and antivirus, with "Secure Your Messages" warning banner over a smartphone.

The malware uses PowerShell and VB Script, disables defenses, and employs IMAP-based C2 for commands like info gathering, file operations, and screenshots. Linked to Water Saci, it exploits WhatsApp's popularity in Brazil (148 million users) for scalable attacks.

Malware alert infographic: WhatsApp icon with hijack arrows to bank credentials; protective shields for MFA and antivirus, with "Secure Your Messages" warning banner over a smartphone.Malware alert infographic: WhatsApp icon with hijack arrows to bank credentials; protective shields for MFA and antivirus, with "Secure Your Messages" warning banner over a smartphone.

Protect yourself: Avoid suspicious downloads, enable MFA, and use antivirus. This highlights risks in messaging apps for financial fraud.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net