![Scam papers served. [Research Saturday] episode artwork](https://megaphone.imgix.net/podcasts/46037c9c-5082-11f1-9108-134a5948e32b/image/95b72a93c2ffaf8ff900d662a9bd3735.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
EPISODE · May 16, 2026 · 26 MIN
Scam papers served. [Research Saturday]
from CyberWire Daily · host N2K Networks
Thomas Elkins, SOC L3 Analyst from BlueVoyant, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework. The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that hijack Outlook and webmail accounts to spread further attacks. Researchers say the operation highlights how the Augmented Marauder group (also known as Water Saci) is rapidly evolving its malware ecosystem, combining WhatsApp automation, dynamic phishing infrastructure, and advanced banking malware delivery into a highly adaptable, multi-pronged cybercrime operation. The research and executive brief can be found here: Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns Learn more about your ad choices. Visit megaphone.fm/adchoices
What this episode covers
Thomas Elkins, SOC L3 Analyst from BlueVoyant, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework. The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that hijack Outlook and webmail accounts to spread further attacks. Researchers say the operation highlights how the Augmented Marauder group (also known as Water Saci) is rapidly evolving its malware ecosystem, combining WhatsApp automation, dynamic phishing infrastructure, and advanced banking malware delivery into a highly adaptable, multi-pronged cybercrime operation. The research and executive brief can be found here: Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns Learn more about your ad choices. Visit megaphone.fm/adchoices
NOW PLAYING
Scam papers served. [Research Saturday]
No transcript for this episode yet
Similar Episodes
No similar episodes found.