Malware, Phishing

Phishing campaign delivers Casbaneiro and Horabot banking trojans

Privacy concept: pixelated words Malware on digital background, 3d render

A sophisticated, multi-pronged phishing campaign is actively targeting Spanish-speaking users in organizations across Latin America and Europe. The campaign aims to deliver potent Windows banking trojans, specifically Casbaneiro and Horabot, through a complex attack chain, according to a recent report by The Hacker News.

The threat actor, identified as Brazilian cybercrime group Augmented Marauder and Water Saci, employs a unique delivery mechanism involving WhatsApp, ClickFix techniques, and email-based phishing. The initial attack vector is a phishing email containing a password-protected PDF attachment disguised as a court summons. Upon opening the PDF, users are directed to a malicious link that downloads a ZIP archive, leading to the execution of interim HTML Application (HTA) and VBS payloads.

These scripts perform environment checks and retrieve further payloads from a remote server, ultimately deploying Casbaneiro and Horabot. Casbaneiro acts as the primary banking trojan, while Horabot serves as a propagation tool, using compromised email accounts to distribute phishing emails with dynamically generated PDF attachments to harvested contacts.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds