Phishy Business: Horabot Malware Hooks Latin America with Invoice Scams
Phishers are reeling in victims with a new malware called Horabot, targeting Windows users in Latin America. Disguised as financial documents, these emails bait users into opening malicious attachments. Once hooked, the malware steals email credentials, swipes contact lists, and dabbles in banking fraud, leaving victims saying, “Holy Horabot!”
Hot Take:
Horabot is like the ultimate party crasher – uninvited, unwelcome, and definitely not leaving without causing a scene. This new phishing campaign makes the NSA look like a group of amateur magicians, pulling rabbits out of hats while Horabot is out here pulling passwords from your email. It’s like a bad telenovela; you don’t know how it got here, but it’s hard to look away from the drama. So, Latin American Windows users, it might be time to start vetting your ‘invoices’ a little more diligently, lest you end up starring in the next episode of ‘When Malware Attacks’.
Key Points:
- Horabot targets Windows users in Latin American countries with phishing emails disguised as invoices.
- The campaign steals email credentials and propagates through Outlook COM automation.
- It uses VBScript, AutoIt, and PowerShell scripts for reconnaissance and credential theft.
- The malware can steal data from a variety of popular web browsers including Chrome and Edge.
- Horabot was first identified in 2023, and is believed to originate from Brazil.