What is Casbaneiro malware?

Banking trojan from Brazil, steals creds via DLL injection. Hits Windows, spreads via Horabot.

How to protect against Casbaneiro phishing?

Block HTA/VBS execution, monitor ZIP downloads from PDFs, train on judicial lures. Hunt PHP callbacks in logs.

Does Casbaneiro target only Latin America?

No—Europe's in play now via enterprise emails. North America likely soon.

Casbaneiro Gang's Sneaky Dynamic PDFs Hit Enterprises in LatAm and Europe

Forget static phishing lures. Brazilian crooks are cranking out custom PDFs on the fly to slip Casbaneiro banking trojans past enterprise gates. It's not just consumers anymore.

Threat Digest Apr 03, 2026 4 min read 15 views

Phishing email with locked PDF attachment mimicking court summons for Casbaneiro trojan delivery

⚡ Key Takeaways

Casbaneiro phishing uses dynamic, custom PDFs generated on-the-fly to evade detection. 𝕏
Targets shifted from consumers via WhatsApp to enterprises in LatAm and Europe via email hijacks. 𝕏
Horabot enables self-propagation using victims' own accounts— a nasty evolution. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Casbaneiro #Horabot #Latin America cybercrime #Water Saci #phishing #phishing campaign

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

0ktapus Phishing Snags 10,000 Credentials Across 130 Companies—Your MFA Is the Weak Link

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Chrome's Fifth Zero-Day Patch: Google Races Against Relentless Exploits

IRGC Puts Apple, Google, Tesla on Middle East Hit List for April 1 Attacks

Stay in the loop