The Mispadu Stealer is an infostealer that has been targeting Spanish- and Portuguese-speaking victims in Latin America since 2019 [3]. Researchers from Unit 42 have recently discovered a new variant of this malware that exploits a SmartScreen vulnerability in Windows [3].

Description

This new variant of Mispadu Stealer lets attackers bypass the SmartScreen warning by using a specially crafted internet shortcut file or hyperlink to direct victims to a malicious payload [3]. Like previous versions, it uses SQLite for credential extraction [3]. It specifically targets users in Mexico and has already harvested over 90,000 bank account credentials [2], posing a significant threat. Another malware variant, Phemedrone Stealer, exploits the same SmartScreen flaw to extract sensitive data from web browsers, cryptocurrency wallets, and messaging platforms, and exfiltrates the stolen information to attackers via Telegram or a command-and-control (C2) server [1]. The Mispadu attacks are attributed to a financially motivated group known as TA558 [2].

Conclusion

The resurgence of Mispadu highlights the need for a comprehensive and vigilant approach to cybersecurity in the LATAM region and beyond [4]. To protect themselves, users should keep their software updated, exercise caution with emails [4], implement network security measures [4], and educate themselves on the latest threats. Staying informed about the latest threat intelligence and deploying robust endpoint protection are crucial for defending against evolving threats like Mispadu Stealer [3].

References

[1] https://telegraph247.com/tech/this-devious-new-trojan-is-exposing-a-flaw-in-windows-smartscreen-to-empty-victims-bank-accounts/
[2] https://thehackernews.com/2024/02/new-mispadu-banking-trojan-exploiting.html
[3] https://securityonline.info/new-variant-of-mispadu-stealer-is-exploiting-cve-2023-36025-vulnerability/
[4] https://www.rivitmedia.com/cyberthreats/trojans/mispadu-trojans-cve-2023-36025-windows-flaw/