"Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen"

Mispadu, a banking Trojan, has been linked to several spam campaigns aimed at Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and distributing other payloads. The activity, which began in August 2022, is ongoing, according to a report released by the Ocelot Team at the Latin American cybersecurity company Metabase Q. Mispadu, also known as URSA, was first described by ESET in November 2019, in a report detailing its ability to steal money and credentials and to function as a backdoor by taking screenshots and recording keystrokes. Researchers Fernando García and Dan Regalado said that one of Mispadu's primary strategies is to compromise legitimate websites, searching for vulnerable versions of WordPress in order to turn them into command-and-control (C2) servers and spread the malware. The threat actors filter out countries they do not wish to infect and drop different types of malware based on the country infected. Mispadu is also similar to other banking Trojans that target the region, such as Grandoreiro, Javali, and Lampion. This article continues to discuss researchers' findings regarding the Mispadu banking Trojan.

THN reports "Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen"


 
