Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A Brazilian cybercrime group tracked as Augmented Marauder and Water Saci is conducting a multi-pronged phishing campaign targeting Spanish-speaking users in organizations across Latin America and Europe. The campaign leverages dynamic PDF lures to deliver the Windows banking trojan Casbaneiro (also known as Metamorfo) through another malware dropper called Horabot. Organizations should educate employees on recognizing phishing attempts, implement robust email filtering solutions, and ensure endpoint detection systems are configured to detect banking trojan activity. The campaign demonstrates the continued effectiveness of phishing as an initial access vector for financial malware.

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in

A Brazilian cybercrime group tracked as Augmented Marauder and Water Saci is conducting a multi-pronged phishing campaign targeting Spanish-speaking users in organizations across Latin America and Europe. The campaign leverages dynamic PDF lures to deliver the Windows banking trojan Casbaneiro (also known as Metamorfo) through another malware dropper called Horabot. Organizations should educate employees on recognizing phishing attempts, implement robust email filtering solutions, and ensure endpoint detection systems are configured to detect banking trojan activity. The campaign demonstrates the continued effectiveness of phishing as an initial access vector for financial malware. A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in