
Sign up to save your podcasts
Or


Thomas Elkins, SOC L3 Analyst from BlueVoyant, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework.
The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that hijack Outlook and webmail accounts to spread further attacks. Researchers say the operation highlights how the Augmented Marauder group (also known as Water Saci) is rapidly evolving its malware ecosystem, combining WhatsApp automation, dynamic phishing infrastructure, and advanced banking malware delivery into a highly adaptable, multi-pronged cybercrime operation.
The research and executive brief can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
By N2K Networks4.8
10061,006 ratings
Thomas Elkins, SOC L3 Analyst from BlueVoyant, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework.
The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that hijack Outlook and webmail accounts to spread further attacks. Researchers say the operation highlights how the Augmented Marauder group (also known as Water Saci) is rapidly evolving its malware ecosystem, combining WhatsApp automation, dynamic phishing infrastructure, and advanced banking malware delivery into a highly adaptable, multi-pronged cybercrime operation.
The research and executive brief can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices

188 Listeners

2,009 Listeners

1,657 Listeners

369 Listeners

375 Listeners

1,534 Listeners

648 Listeners

317 Listeners

421 Listeners

8,051 Listeners

178 Listeners

313 Listeners

192 Listeners

73 Listeners

136 Listeners