PULSE NAME
IOC - Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns
WHITE celestre 2026-04-03 Modified: 2026-04-03
20 IOCs
MEDIUM VOLUME
BlueVoyant researchers have uncovered a broad, multi-pronged phishing campaign targeting Spanish-speaking users in organizations across Latin America and now Europe as well. While recent industry intelligence heavily documented attacks utilizing WhatsApp to deliver banking trojans under the umbrella of the Brazil-based eCrime group Augmented Marauder (a.k.a. Water Saci), the BlueVoyant Threat Fusion Cell (TFC) identified concurrent, ongoing attack activity showing this threat group employs a wider-ranging attack model focused on a bespoke delivery and propagation mechanism that includes WhatsApp, ClickFix techniques and email-centric phishing. This in-depth analysis shows how Augmented Marauder is simultaneously deploying Horabot to deliver the Casbaneiro (a.k.a. Metamorfo) banking trojan through a comprehensive phishing operation targeting Latin America that has also extended its attacks to users in Spain.
Indicators of Compromise (3 / 20 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 31c7c479b03aef2f5cf4947149d69f52 MD5 of 4e08a1525a62a387595a2e4942b56ec3f3b3259996115ea2e6ea3638ccb87705 2026-04-03
FileHash-MD5 a112765dd04547072d649afe7deeb3b7 MD5 of 1693448804bf1c90ad7317af250bcd6ea021256e33e983b224aea81d4ecc2e20 2026-04-03
FileHash-MD5 aec9ed01b85713acc6a7f1da4d94ee1b MD5 of 1af69a3283e28a8cc9a11819ecc2f2cff46dcabbfa78cefc71a02b881a064593 2026-04-03