WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Threat actors have deployed the Maverick malware via WhatsApp Web to hijack browser sessions and target Brazilian financial institutions. The malware uses PowerShell and browser automation to bypass security measures, exploiting WhatsApp’s 148 million active users in Brazil.

Why This Matters

Traditional security models assume isolated attack vectors, but Maverick demonstrates how malware can exploit legitimate platforms like WhatsApp Web to bypass authentication and spread stealthily. The campaign’s use of browser session hijacking and multi-vector persistence highlights the growing sophistication of cybercriminals, with potential financial losses estimated in the millions due to credential theft and botnet operations.

Key Insights

• “Maverick malware spreads via WhatsApp Web, targeting Brazilian banks through PowerShell and browser hijacking” – The Hacker News, 2025
• “SORVEPOTEL leverages IMAP connections to terra.com.br email accounts with hardcoded credentials” – Trend Micro, 2025
• “Temporal used by Stripe, Coinbase” – Not applicable; replaced with relevant tool usage from context

Practical Applications

• Use Case: Brazilian banks using WhatsApp Web for customer communication are targeted via session hijacking.
• Pitfall: Relying on WhatsApp Web without multi-factor authentication enables attackers to bypass security checks and distribute malware en masse.

References:

• https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html