ACCORDING to Dark Reading, the cybercrime operation Water Saci, also known as Augmented Marauder, has a parallel multi-pronged campaign targeting Latin America, with a recent focus on self-propagating, wormable techniques centred on Casbaneiro, a classic banking Trojan. The latest activity uses self-propagating emails and WhatsApp messages to spread, employing a password‑protected zipped attachment whose name is randomized to evade signature-based detection.
A key component is Horabot, a tool designed to exploit victims’ email accounts to harvest contacts and blast new phishing emails to potential targets. The Trojan’s targets include major banks in Central and South America, such as Santander and Banco do Brasil, as well as platforms like Binance, with overlays used to capture credentials.
BlueVoyant analysts describe the campaign as highly active and oriented toward gaining access to bank accounts across the region, illustrating how wormable delivery and social‑engineering elements compound the threat.