Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (Security News, March 2023)
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads.
"One of their main strategies is to compromise legitimate websites, searching for vulnerable versions of WordPress, to turn them into their command-and-control server to spread malware from there, filtering out countries they do not wish to infect, dropping different types of malware based on the country being infected," researchers Fernando García and Dan Regalado said.
The RAR or ZIP archive, when launched, makes use of two rogue digital certificates, one containing the Mispadu malware and the other an AutoIT installer, to decode and execute the trojan by abusing the legitimate certutil command-line utility.
Mispadu is equipped to gather the list of antivirus solutions installed on the compromised host, siphon credentials from Google Chrome and Microsoft Outlook, and facilitate the retrieval of additional malware.
What's more, the malware utilizes malicious overlay screens to obtain credentials associated with online banking portals and other sensitive information.
Metabase Q noted that the certutil approach has allowed Mispadu to bypass detection by a wide range of security software and harvest over 90,000 bank account credentials from over 17,500 unique websites.
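The certutil trick the article describes (a payload packed into a certificate-looking file and decoded with the built-in tool) is a known living-off-the-land pattern, and the defender's response is to watch how certutil is invoked rather than what the file is called. The following is an added example, written here and not taken from the article or from Metabase Q's research, of a small triage heuristic run over process-creation events. The event field names, the sample events, the switch list, the score weights, the threshold and the parent-process allowlist are all my own assumptions and would need tuning per environment.

```python
"""Triage heuristic for certutil abuse in process-creation telemetry.

All sample data below is constructed for this example; field names loosely
follow Sysmon Event ID 1 (parent image, image, command line).
"""
import ntpath

# Constructed sample events (not from the article).
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -decode C:\Users\u\AppData\Local\Temp\cert1.cer C:\Users\u\AppData\Local\Temp\out.exe"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f http://example.invalid/x.txt x.txt"},
    {"parent": r"C:\Windows\System32\mmc.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -verify C:\temp\corp.cer"},
    {"parent": r"C:\Users\u\Downloads\invoice.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil  -decodehex  payload.cer  payload.bin"},
]

# certutil switches that turn the tool into a decoder or downloader. Admins do
# use these legitimately, so a hit is a triage signal, not proof of Mispadu.
DECODE_SWITCHES = {"-decode", "-decodehex", "-encode", "-urlcache"}
CERT_EXTENSIONS = {".cer", ".crt", ".pem", ".p7b"}
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
# Assumption: parents from which certutil is routinely spawned in this environment.
TRUSTED_PARENTS = {"mmc.exe", "services.exe", "svchost.exe"}


def _is_switch(token: str) -> bool:
    return token.startswith("-") or token.startswith("/")


def score_event(event: dict) -> tuple[int, list[str]]:
    """Score one process-creation event; (0, []) means no certutil finding.

    Assumes a whitespace-split command line (no quoted paths with spaces).
    """
    if ntpath.basename(event["image"]).lower() != "certutil.exe":
        return 0, []
    tokens = event["cmdline"].split()
    # Normalise "/decode" and "-decode" to one spelling.
    switches = {"-" + t.lstrip("-/").lower() for t in tokens[1:] if _is_switch(t)}
    hits = sorted(switches & DECODE_SWITCHES)
    if not hits:
        return 0, []
    score, reasons = 1, [f"certutil invoked with {', '.join(hits)}"]

    # Positional arguments; for -decode/-urlcache the last one is the output file.
    args = [t for t in tokens[1:] if not _is_switch(t)]
    exts = [ntpath.splitext(a)[1].lower() for a in args]
    if len(args) >= 2 and exts[-1] in EXEC_EXTENSIONS:
        score += 2
        reasons.append(f"output file has executable extension {exts[-1]}")
    if any(e in CERT_EXTENSIONS for e in exts):
        score += 1
        reasons.append("certificate-looking input file is being decoded")

    parent = ntpath.basename(event["parent"]).lower()
    if parent not in TRUSTED_PARENTS:
        score += 1
        reasons.append(f"spawned by {parent}")
    return score, reasons


def triage(events: list[dict], threshold: int = 3) -> list[tuple[int, int, list[str]]]:
    """Return (index, score, reasons) for every event at or above the threshold."""
    findings = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            findings.append((i, score, reasons))
    return findings


if __name__ == "__main__":
    for idx, score, reasons in triage(SAMPLE_EVENTS):
        print(f"event {idx}: score {score}")
        for r in reasons:
            print(f"  - {r}")
```

On the constructed events the decode-to-.exe from a certificate file and the decodehex launched from a downloaded binary are flagged, the `-urlcache` download of a text file scores below the threshold, and the `-verify` of a certificate under mmc.exe is ignored. The weights are deliberately coarse; the point is that the decode switch, the certificate-style input name and the parent process are the observable features, independent of the rogue certificate's contents.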
News URL: https://thehackernews.com/2023/03/mispadu-banking-trojan-targets-latin.html