Cybercrime , Finance & Banking , Fraud Management & Cybercrime

New Banking Trojan Exploits Patched Windows SmartScreen Flaw

Mispadu Trojan Is Compromising Windows Security, Posing Threat to Banking Systems
New Banking Trojan Exploits Patched Windows SmartScreen Flaw
Image: Shutterstock

The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

Researchers at Unit42 found the updated Trojan now exploits a Windows SmartScreen bypass vulnerability tracked as CVE-2023-36025 that Microsoft patched in November 2023.

Eset first uncovered the Mispadu Stealer in 2019 and detailed how it had stolen money and credentials from Spanish- and Portuguese-speaking victims.

The latest distribution method involves spam emails that deliver deceptive URLs that circumvent the activation of a SmartScreen banner warning about running the potentially dangerous file.

Unit 42 researchers in November 2023 identified a .url file executing a command to retrieve and execute a malicious binary. This file path, embedded within a zip archive downloaded by the Microsoft Edge browser, illustrates the Trojan's ability to target victims through various distribution methods, including email attachments or downloads from malicious websites.

The researchers also found that the Trojan's development had evolved and that it could selectively decrypt strings, check time zone differences and target specific regions globally.

The Mispadu Trojan identifies the victim's Windows version, performs an HTTP/HTTPS check-in to a remote command-and-control server and interacts with the victim's browser history via SQLite. It also copies browser history databases, executes queries against them and checks URLs against a targeted list using prebuilt SHA256 hashes.

The targeted URLs primarily belong to financial institutions and organizations related to cryptocurrency, and the focus is on Latin American countries, particularly Mexico.

The researchers said the campaign has also spread to other European regions that previously had not been targeted.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.