Mispadu: Hackers found a way to bypass SmartScreen protection in Windows

Hackers have found a new way to steal the financial data of Mexicans.

Researchers at Palo Alto Networks Unit 42 have identified attacks on users of the Icsi carried out with the Mispadu banking Trojan, which is designed to steal bank data. The malware, first detected in 2019, spreads through phishing messages and exploits a vulnerability in Windows SmartScreen that was patched in November 2023.

Mispadu, written in Delphi, actively targets users in Latin America. Since August 2022, at least 90,000 bank credentials have been stolen through its spam campaigns. The Trojan belongs to a large family of malicious programs built to steal data from bank accounts in Latin America.

The new infection method identified by Unit 42 uses fake Internet shortcut files inside ZIP archives to exploit CVE-2023-36025 (CVSS score: 8.8). The exploit bypasses SmartScreen by using specially crafted Internet shortcut files that point to network resources controlled by the attackers instead of regular URLs, so the usual security warning is not shown.
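A defender-side check for the delivery method described above, as an added example that is not part of the original post or of Unit 42's tooling: it opens a ZIP archive, extracts the `URL=` value from every `.url` member, and flags shortcuts whose target is a UNC path or `file://` share rather than an http(s) URL. The sample archive and the 203.0.113.10 address are constructed for the demonstration.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# INI-style key used by Windows Internet shortcut (.url) files.
URL_KEY_RE = re.compile(r"^\s*URL\s*=\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)
# UNC-style target: \\host\share or //host/share
UNC_RE = re.compile(r"^(\\\\|//)[^\\/]+[\\/]")


def shortcut_targets(ini_text):
    """Return every URL= value found in the text of a .url file."""
    return URL_KEY_RE.findall(ini_text)


def is_remote_share_target(target):
    """True if the target points at a network share (UNC or file://host/...)."""
    t = target.strip().strip('"')
    if UNC_RE.match(t):
        return True
    parsed = urlparse(t)
    return parsed.scheme.lower() == "file" and bool(parsed.netloc)


def suspicious_shortcuts_in_zip(zip_bytes):
    """Return [(member_name, target)] for .url members that point at network shares."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".url"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for target in shortcut_targets(text):
                if is_remote_share_target(target):
                    findings.append((info.filename, target))
    return findings


def build_sample_zip():
    """Constructed sample: one benign shortcut and one pointing at a remote share."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.url", "[InternetShortcut]\r\nURL=https://example.com/\r\n")
        zf.writestr("factura.url", "[InternetShortcut]\r\nURL=file://203.0.113.10/share/doc.url\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, target in suspicious_shortcuts_in_zip(build_sample_zip()):
        print(f"flagged {name}: {target}")
```

The same check can be run on mail-gateway attachments before delivery; a `.url` member that resolves to a share on an external host is a strong indicator of the lure described in the report.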

Once launched, Mispadu determines the geographical location and configuration of the victim's system, then establishes communication with its command-and-control (C2) server for further data exfiltration.

Microsoft released a security update in November to address CVE-2023-36025, a critical zero-day vulnerability in the SmartScreen protection technology of the Windows operating system. However, attackers were already using the exploit before the update was released to bypass SmartScreen and slip malicious code past the security checks of Windows Defender.