Water Makara, a threat actor group, is targeting enterprises in Brazil with a spear phishing campaign using the Astaroth banking malware. The attackers employ obfuscated JavaScript to bypass security defenses, often impersonating official tax documents to trick users. The campaign primarily affects manufacturing companies, retail firms, and government agencies. The attack chain involves malicious ZIP files containing LNK files that execute JavaScript commands, establishing connections to a C&C server. The malware uses domain generation algorithms and various file extensions to spread. This campaign highlights the importance of user awareness, security training, and robust cybersecurity measures to mitigate such threats.