Case Studyautoitbanking trojanthreat hunting
Horabot Campaign Exploits AutoIt To Deploy Banking Trojan
|
8.3
Kaspersky's MDR team identified and analyzed a persistent Horabot campaign a few months ago, which uses fake CAPTCHA lures to execute chained HTA/VBScript loaders and server-side polymorphism. The operation deploys AutoIt components that decrypt an in-memory Delphi banking Trojan (Casbaneiro/Zusy) and exfiltrates host data to exposed C2 infrastructure, with over 5,384 victims logged since May 2025, mainly in Mexico (≈93%).
Scoring Rationale
Strong actionable telemetry and official MDR validation drive a high score, limited by moderate novelty over prior Horabot research.
Practice with real Banking data
90 SQL & Python problems · 15 industry datasets
Used by DS/ML engineers at top companies
Suspicious Online TransactionsEasyDelinquent Loans Over 30 DaysMediumCredit Card Utilization Risk ReportHard
250 free problems · No credit card
See all Banking problems
