Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Briefly

"This threat group employs a wider-ranging attack model focused on a bespoke delivery and propagation mechanism that includes WhatsApp, ClickFix techniques, and email-centric phishing."
"It is now evident that while these Brazil-based operators heavily leverage script-based WhatsApp automation to compromise retail and consumer users in Latin America, they concurrently maintain and deploy an advanced, email-hijacking engine to penetrate enterprise perimeters there and Europe as well."
"The starting point of the campaign is a phishing email that employs court summons-themed messages to deceive recipients into opening a password-protected PDF attachment."
"The VBS script is designed to carry out environment and anti-analysis checks similar to those found in Horabot artifacts, including checks for Avast antivirus software."
A phishing campaign is targeting Spanish-speaking users in Latin America and Europe, delivering Windows banking trojans such as Casbaneiro through malware known as Horabot. The campaign is attributed to a Brazilian cybercrime group called Augmented Marauder. The attack model includes WhatsApp, ClickFix techniques, and email phishing. The campaign starts with a court summons-themed phishing email that leads to a malicious link, which downloads a ZIP archive that executes VBS payloads. These payloads perform environment and anti-analysis checks and retrieve further payloads, launching the Casbaneiro and Horabot malware.
Read at The Hacker News