Unknown attackers harnessed the Shellshock vulnerability, or “Bash bug,” to amass a botnet of 360 bots and launch a phishing campaign on Spanish-speaking Citibank customers.

StealthWatch Labs noted in a blog post that the majority of the bots are running Linux, and some voice over internet protocol (VoIP) devices were targeted, specifically MiVoice Office (Mitel 5000) devices. This technology could be alluring because it might not be thought of as needing a patch, according to the blog post.

Through the attackers’ commands, the bots sent more than 100,000 phishing emails in Spanish that told potential victims their Citibank card was deactivated and could be reactivated through a supplied link.

The command-and-control server for the botnet is now offline.