A new phishing campaign targeting Spanish-speaking victims has been delivering the Poco RAT since February 2024, primarily affecting the mining, manufacturing, hospitality, and utilities sectors. According to Cofense, the campaign uses finance-themed phishing emails containing URLs or HTML/PDF attachments leading to a 7-Zip archive on Google Drive, which, once executed, installs the Delphi-based Poco RAT. The malware focuses on anti-analysis, C2 communication, and payload delivery. The campaign highlights the increasing sophistication of phishing tactics, including the use of legitimate services to bypass secure email gateways.