PhishMe Intelligence™ has uncovered a phishing campaign that delivers a new loader/browser plugin combination that we have dubbed Vulture Stealer. Vulture Stealer is a two-stage data stealer that includes a version of Banload banking trojan malware. However, paired with an extensive secondary stealer it can target and gather information beyond Banload’s reach within Google Chrome—effectively gathering any information entered within the compromised Chrome browser. This campaign, which uses Portuguese-language phishing messages, may be targeting Brazilian banks and their customers. This is the first time PhishMe® has observed Banload coupled with a malicious browser extension.