Malware Targeting LatAm Organizations Examined in Digital Security Report

Global cybersecurity firm Kaspersky has drawn attention to an active malware operation targeting Latin America and the wider difficulties organizations face in safeguarding their supply chains against cyber intrusions. The company’s Managed Detection and Response specialists have uncovered a renewed assault utilizing Horabot malware, which traces its roots to Brazil.

This multifaceted threat merges banking trojan functionality with mechanisms for propagating via email and an elaborate sequence of infection stages.

Investigators located a publicly accessible database maintained by the perpetrators, cataloging 5,384 affected devices, of which 93% were situated in Mexico.

Records in the database extend back to May 2025.

Infection typically commences through a bogus CAPTCHA interface on a website.

Users are prompted to launch the Windows Run dialog box and enter a particular command line that activates the harmful code.

The subsequent process involves extensive code obfuscation techniques to evade detection, cleanup of temporary files, termination of specific applications, and the deployment of PowerShell and VBScript components for further execution.

The payload proceeds to harvest system information—including IP details, operating system data, and locale—before relaying it to remote servers.

A key component is a Delphi-developed banking trojan that presents forged dialog boxes imitating popular banking brands to trick users into disclosing account credentials.

The malware further facilitates its own distribution by harvesting email contacts from compromised systems and dispatching targeted phishing messages.

These communications, often featuring Spanish-language PDF attachments purporting to be invoices or private documents, originate from the infected users’ accounts to boost credibility.

Although identified by the security community previously, Horabot demonstrates continued activity and refinement in 2026, with enhancements to its encryption methods and protocol management.

Parallel to these targeted campaigns, Kaspersky conducted an international poll involving 1,714 IT security specialists from large enterprises in 16 countries.

The findings reveal that a deficiency in expert cybersecurity personnel, alongside the pressure to manage competing security demands, represents a primary hindrance to effective defense against supply chain and third-party attacks.

Approximately 42% of participants highlighted these workforce-related issues.

Notably, around one-third of surveyed organizations suffered supply chain breaches within the last year.

A significant 85% acknowledged the necessity to strengthen their defenses in this area, yet merely 15% expressed satisfaction with existing protections.

This lack of confidence is particularly pronounced in several major economies.

Additional challenges encompass ambiguous security stipulations in vendor agreements (noted by 39%) and limited comprehension of these risks by staff outside dedicated security roles (32%).

Implementation of even fundamental controls like multi-factor authentication stands at only 38%, while routine evaluations of partners’ security measures are performed by just 35% of firms.

The survey underscores pronounced talent gaps in nations including Mexico, Vietnam, the UAE, and Spain—coinciding with Mexico’s prominence as a victim in the Horabot incidents.

Industry professionals emphasize the importance of adopting external support through managed detection and response platforms to supplement internal capabilities, pursuing advanced training initiatives for teams, meticulously assessing potential suppliers’ security practices before engagement, incorporating stringent security clauses into contracts, and promoting joint security efforts throughout business ecosystems.

Such measures can significantly bolster protection against evolving threats like Horabot and mitigate systemic supply chain vulnerabilities.
