What is the Horabot Sapecar campaign ?

Horabot's a banking Trojan-email spreader combo hitting Mexico via fake CAPTCHAs; Sapecar names this variant's Mexican ops.

How does Horabot evade antivirus?

Server-side polymorphism, heavy obfuscation, anti-VM checks—plus human-tricking lures.

Is Horabot a risk outside Mexico?

Primarily LatAm now, but C2 infra suggests expansion potential—deploy MDR everywhere.

🦠 Ransomware & Malware

Horabot's Sapecar Strike: Dissecting a Persistent Mexican Banking Trojan Campaign

A sneaky CAPTCHA page in Mexico isn't testing your humanity—it's hijacking your bank. Horabot's 'Sapecar' campaign proves banking trojans aren't dead; they're just getting craftier.

theAIcatchup Apr 08, 2026 4 min read

Diagram of Horabot Sapecar attack chain from fake CAPTCHA to banking trojan payload

⚡ Key Takeaways

Horabot's Sapecar uses fake CAPTCHAs and polymorphic VBS to deliver banking trojans in Mexico. 𝕏
Kaspersky MDR stopped it early, highlighting mshta alerts and proactive defense value. 𝕏
Persistent threat due to recycled tradecraft; expect AI lures soon—bolster phishing training now. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Horabot #Horabot malware #Mexico banking trojan #Mexico malware campaign #Sapecar #Sapecar campaign #banking trojan #polymorphic VBS #threat hunting

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Securelist Kaspersky

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

GoPix: Brazil's Sneaky Banking Trojan Squatting in Your RAM

RSAC 2026: AI's Cyber Arms Race Accelerates — But Who's Winning?

Casbaneiro Gang's Sneaky Dynamic PDFs Hit Enterprises in LatAm and Europe

Mobile Malware's 2025 Firmware Takeover: Backdoors Baked Right In

Stay in the loop