April 3, 2024 at 05:45AM
The Mispadu banking trojan has expanded its targeting beyond Latin America to Italy, Poland, and Sweden. Despite this, Mexico remains the primary target, and the campaign has resulted in thousands of stolen credentials. The malware is distributed via spam emails and leverages a Windows SmartScreen security flaw. Additionally, malicious YouTube videos are being used to propagate information stealers.
Summary of Meeting Notes:
– Mispadu, a banking trojan, has expanded its targeting beyond Latin America to include Italy, Poland, and Sweden, with Mexico remaining the primary target.
– The ongoing campaign has targeted entities in finance, services, manufacturing, law, and commercial facilities, resulting in thousands of stolen credentials used for malicious phishing emails.
– Mispadu is distributed via spam emails and has leveraged a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico.
– The infection sequence involves a multi-stage process using various scripts and payloads, with heavily obfuscated components.
– The attacks also involve the use of two distinct command-and-control servers, one for fetching payloads and another for exfiltrating stolen credentials from over 200 services.
– Additionally, the meeting notes highlight the use of YouTube channels promoting cracked and pirated video games as a conduit to deliver information stealers.