A new phishing campaign targeting Mexican citizens with financial lures has been discovered by Cisco Talos. Using Mexican tax-related lures, the spam emails distribute a new obfuscated information stealer that Cisco Talos called “TimbreStealer.” In this new campaign, which has been active since November 2023, the threat actor directs users to a compromised website where the TimbreStealer payload is hosted and tricks them into executing the malicious application.

Source: Infosecurity