Summary

A sophisticated phishing campaign is targeting Spanish-speaking users in Latin America and Europe, deploying Windows banking trojans like Casbaneiro via the Horabot malware. This operation is linked to a Brazilian cybercrime group known as Augmented Marauder and Water Saci.

Key Points

• The campaign targets Spanish-speaking users in organizations across Latin America and Europe.
• It delivers Windows banking trojans such as Casbaneiro (also known as Metamorfo).
• The phishing attacks utilize another malware called Horabot to execute their payload.
• The threat actor behind this campaign is a Brazilian group tracked as Augmented Marauder and Water Saci.
• Trend Micro first documented this e-crime group.

Analysis

This phishing campaign is significant due to its targeted approach towards Spanish-speaking users and its use of dynamic PDF lures to deliver banking trojans. The involvement of a known Brazilian cybercrime group highlights the persistent threat from organized cybercriminals in the region. The use of multiple malware strains to achieve their objectives indicates a high level of sophistication and adaptability.

Conclusion

IT professionals should enhance their phishing detection mechanisms and educate users about the risks of opening suspicious PDFs. Monitoring for indicators of compromise associated with Casbaneiro and Horabot is crucial to mitigate potential threats.