Horabot Campaign Targets Spanish-Speaking Users in the Americas


A new cyber threat campaign called Horabot has been discovered by the cyber security company Cisco Talos, targeting Spanish-speaking users in the Americas.

Horabot, a botnet, has been active since November 2020 and is responsible for spreading banking trojans and spam. According to an advisory issued by Cisco Talos earlier today, the threat actor behind the campaign is believed to be in Brazil.

Chetan Raghuprasad, a cyber threat researcher at Cisco Talos, explained that the main focus of the attacks was Spanish-speaking users in Mexico. However, infections have also been reported in Uruguay, Brazil, Venezuela, Argentina, Guatemala and Panama.

A number of business industries, including accounting, construction, engineering, wholesale distribution and investment firms, were affected.

Raghuprasad explained that the campaign follows a multi-stage attack chain that begins with a phishing email in Spanish disguised as a receipt message no.


When victims open the attached HTML file, they are redirected to another malicious HTML file hosted on an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance controlled by the attacker. This file lures victims into downloading a RAR file, which begins the payload delivery process.

Once installed, the banking Trojan can steal victims’ login credentials, operating system information, and keystrokes. It can also obtain one-time security codes from online banking applications.

In addition, the spam tool can compromise webmail accounts such as Yahoo, Gmail and Outlook, allowing an attacker to take control of mailboxes, filter contact email addresses and send spam.

The Cisco Talos advisory includes a comprehensive list of indicators of compromise (IOCs) for the Horabot threat, along with detailed guidance to help organizations protect themselves against this malware and mitigate its potential impact.

Its release comes months after the Chinese state-sponsored threat actor DEV-0147 was spotted targeting diplomatic entities in South America.
