




Casbaneiro Phishing Campaign: Brazilian Cybercriminals Target Latin America and Europe with Sophisticated PDF Files
TL;DR (Summary)
A Brazilian cybercrime group known as Augmented Marauder (also tracked as Water Saci) is running a highly sophisticated phishing campaign. The group operates an email-hijacking engine and generates dynamic PDF files to spread the Casbaneiro banking trojan and the Horabot malware across Latin America and Europe, mainly targeting Spanish-speaking users with court-themed social engineering lures.
Overview of the "Augmented Marauder" threat
A new technical analysis published by BlueVoyant shows how the Brazilian group Augmented Marauder has evolved. The group, first described by Trend Micro in October 2025, has moved from simple retail fraud to a highly organized infrastructure capable of breaching enterprise systems.
The group runs two parallel attack tracks:
- Targeting consumers: scripted WhatsApp automation spreads the malware rapidly, in a worm-like fashion.
- Targeting enterprises: sophisticated email hijacking and the "ClickFix" trick are used to breach organizations in Latin America and Europe.
Attack stages: from phishing to malware
The campaign starts with a phishing email that creates urgency (you must respond as soon as possible), usually posing as a summons from a Spanish court. To get past antivirus scanning, the attackers send a password-protected PDF file.
1. Initial infection
Once the victim opens the PDF and clicks the link inside it, a chain of events is triggered:
- A ZIP file is downloaded automatically.
- The archive contains an HTML Application (HTA) and payloads written in VBS.
- The VBS script probes the environment (anti-analysis), in particular checking whether Avast antivirus is installed.
2. Multi-stage malware loading
If the machine's environment looks "safe", the script fetches the remaining payload stages from a remote server. These payloads include loaders built with AutoIt, which extract and run encrypted files (with .ia or .at extensions). The process ultimately executes two kinds of malware:
- Casbaneiro (Metamorfo): a Windows banking trojan written in Delphi (executed under the name staticdata.dll).
- Horabot: a tool for spreading the infection and compromising accounts (executed under the name at.dll).
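The stage-1 and stage-2 artifacts listed above (a ZIP carrying an HTA plus VBS payloads, AutoIt-extracted .ia/.at files, the staticdata.dll and at.dll payload names) are concrete enough to triage on a mail gateway or during host forensics. The following is an added example, not code from the article or from BlueVoyant: it scores an archive listing or a dropped-file list against those indicators without extracting or running anything. The sample archives it builds in memory are constructed for the demo and contain only placeholder text.

```python
"""Archive triage for the delivery chain described above.

Added example, not code from the article or from BlueVoyant. The indicators
come from the article (HTA + VBS inside the downloaded ZIP, AutoIt-extracted
.ia/.at files, the staticdata.dll and at.dll payload names); the sample
archives below are constructed for this demo and carry placeholder content.
"""
import io
import zipfile
from dataclasses import dataclass, field

# Extensions and file names the article associates with the chain.
STAGE1_SCRIPT_EXTS = {".hta", ".vbs"}
ENCRYPTED_STAGE_EXTS = {".ia", ".at"}
KNOWN_PAYLOAD_NAMES = {"staticdata.dll", "at.dll"}


@dataclass
class TriageResult:
    verdict: str                      # "clean", "suspicious" or "malicious"
    findings: list = field(default_factory=list)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _ext(path: str) -> str:
    base = _basename(path)
    return base[base.rfind("."):] if "." in base else ""


def score_names(names) -> TriageResult:
    """Score a list of file paths: an archive listing or a host's dropped-file list."""
    names = list(names)
    exts = {_ext(n) for n in names}
    bases = {_basename(n) for n in names}
    findings = []
    if ".hta" in exts:
        findings.append("HTML Application (.hta) present")
    if ".vbs" in exts:
        findings.append("VBScript payload (.vbs) present")
    stage = sorted(n for n in names if _ext(n) in ENCRYPTED_STAGE_EXTS)
    if stage:
        findings.append("AutoIt-style encrypted stage files: " + ", ".join(stage))
    hits = sorted(bases & KNOWN_PAYLOAD_NAMES)
    if hits:
        findings.append("known payload file name(s): " + ", ".join(hits))
    # HTA together with VBS is the article's stage-1 combination; treat it as malicious.
    if STAGE1_SCRIPT_EXTS <= exts:
        verdict = "malicious"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return TriageResult(verdict, findings)


def triage_zip(data: bytes) -> TriageResult:
    """Inspect an archive's central directory without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    return score_names(names)


def build_sample_zip(entries: dict) -> bytes:
    """Constructed in-memory archive for the demo (placeholder content only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: one mimics the article's stage-1 layout, one is benign.
SAMPLE_LURE = build_sample_zip({
    "Citacion_Judicial/Citacion.hta": "<!-- placeholder -->",
    "Citacion_Judicial/loader.vbs": "' placeholder",
})
SAMPLE_BENIGN = build_sample_zip({"report.pdf": "%PDF-1.4 placeholder"})

if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        r = triage_zip(blob)
        print(f"{label}: {r.verdict} {r.findings}")
```

Reading only the central directory keeps the check cheap and avoids touching payload bytes; the same `score_names` function can be fed a file listing from an endpoint agent to catch the `.ia`/`.at` stage files and the two DLL names after the loader has already run.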
Dynamic distribution: the Horabot engine
What makes this campaign unusual is the sophisticated way Horabot is put to work. It is not just an ordinary payload but a distribution engine:
- Email hijacking: Horabot steals contact lists from Microsoft Outlook and from Yahoo, Live and Gmail accounts.
- Dynamic PDF generation: Casbaneiro contacts a command-and-control (C2) server to fetch a PowerShell script. That script sends a POST request to a PHP API, which generates a bespoke password-protected PDF for every new victim.
- The "ClickFix" technique: in some cases the group uses "ClickFix" social engineering, tricking users into running malicious code under the pretext of fixing a browser or file-display problem.
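Both the initial lure and the per-victim PDFs the PHP API produces share one trait a gateway can check: the document is password-protected, which is exactly what keeps a scanner from looking inside it. The following is an added example, not code from the article or from BlueVoyant. It detects the standard security handler's /Encrypt entry by scanning the PDF trailer region and combines that with court-summons wording in the subject line to decide a mail-rule action. The keyword list and the minimal sample PDFs are constructed assumptions, not values from the article.

```python
"""Gateway check for the lure the article describes: a password-protected PDF
posing as a court summons, generated per victim by the PHP API.

Added example, not code from the article or from BlueVoyant. The only trait
taken from the article is that the lure PDF is password-protected and
court-themed; the keyword list and the sample PDFs are constructed assumptions.
"""
import re

# A PDF protected by the standard security handler records an /Encrypt entry
# in its trailer dictionary (or in a cross-reference stream dictionary), either
# as an indirect reference ("/Encrypt 2 0 R") or as an inline dictionary.
_ENCRYPT_RE = re.compile(rb"/Encrypt\s*(?:\d+\s+\d+\s+R|<<)")

# Assumed subject-line vocabulary for court-summons lures (not from the article).
COURT_KEYWORDS = ("citación", "citacion", "juzgado", "tribunal", "demanda", "court", "summons")


def is_password_protected(pdf: bytes, tail: int = 4096) -> bool:
    """Return True if the PDF carries an /Encrypt entry in its final trailer region."""
    if not pdf.startswith(b"%PDF-"):
        raise ValueError("not a PDF: bad header")
    # Incremental updates append new trailers at the end; the last one wins,
    # so scanning the tail of the file is enough and avoids a full parse.
    return _ENCRYPT_RE.search(pdf[-tail:]) is not None


def classify_attachment(subject: str, filename: str, pdf: bytes) -> dict:
    """Combine the two lure traits into a verdict a mail rule could act on."""
    subj = subject.lower()
    court_theme = any(k in subj for k in COURT_KEYWORDS)
    encrypted = is_password_protected(pdf)
    reasons = []
    if encrypted:
        reasons.append("attachment is a password-protected PDF (scanner cannot inspect it)")
    if court_theme:
        reasons.append("court-summons wording in subject")
    if encrypted and court_theme:
        action = "quarantine"
    elif encrypted:
        action = "hold-for-review"
    else:
        action = "deliver"
    return {"file": filename, "action": action, "reasons": reasons}


def _pdf(trailer_extra: bytes = b"", extra_obj: bytes = b"") -> bytes:
    """Build a minimal, constructed PDF body (not a real document)."""
    return (b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n" + extra_obj
            + b"trailer<</Root 1 0 R" + trailer_extra + b">>\n%%EOF\n")


# Constructed samples: one plain PDF, one with a standard-handler /Encrypt entry.
SAMPLE_PLAIN = _pdf()
SAMPLE_ENCRYPTED = _pdf(
    trailer_extra=b"/Encrypt 2 0 R",
    extra_obj=b"2 0 obj<</Filter/Standard/V 2/R 3/Length 128>>endobj\n",
)

if __name__ == "__main__":
    print(classify_attachment("Citación Juzgado de Madrid", "citacion.pdf", SAMPLE_ENCRYPTED))
    print(classify_attachment("Q3 report", "report.pdf", SAMPLE_PLAIN))
```

Holding every encrypted PDF for review is deliberate: because each lure is generated on demand, hash-based blocking never catches the next one, while the encryption flag and the theme are stable across victims.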
Continuous innovation in the threat landscape
The Brazilian attackers have shown remarkable agility. By maintaining a dual infrastructure (WhatsApp for individuals and the email engine for enterprises), they have managed to slip past modern defenses.
"This combination of ClickFix social engineering, dynamic PDF generation and WhatsApp automation shows just how adaptive and constantly innovative the adversary is," said BlueVoyant researchers Thomas Elkins and Joshua Green.
Conclusion
The Augmented Marauder campaign proves that regional banking trojans are no longer a "simple" threat. By combining dynamic documents with automated distribution through WhatsApp and Outlook, the group has built a powerful and dangerous delivery engine. Organizations with Spanish-speaking employees in Latin America and Europe need to be highly alert to "court" emails and suspicious HTA files.
Source: The Hacker News - Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures