Mispadu

Malware updated 5 months ago (2024-05-04T20:17:26.412Z)
Mispadu is a banking trojan that infiltrates systems through malicious downloads, spam emails, and compromised websites. It was first documented by ESET in 2019, which described its theft of money and credentials from Spanish- and Portuguese-speaking victims. The malware fingerprints the victim's Windows version, checks in to a remote command-and-control server over HTTP/HTTPS, and reads the victim's browser history through SQLite. More recently, Mispadu has been implicated in a large-scale attack wave across Latin America: in a series of spam campaigns ongoing since August, the malware, also known as URSA, exfiltrated more than 90,000 bank account credentials across 17,500 websites in Mexico, Chile, Bolivia, Peru, and Portugal, according to The Hacker News. SC Magazine and Infosecurity reported in March 2023 that Mispadu had been used in 20 distinct spam campaigns targeting victims in these regions. Mispadu has also been observed exploiting a Windows SmartScreen bypass (CVE-2023-36025) to deliver additional malware such as Phemedrone Stealer and DarkGate; the flaw, since patched, let threat actors launch payloads without the SmartScreen warning. Cisco Talos last observed Mispadu exploiting this vulnerability in September 2023.
Description last updated: 2024-05-04T19:48:14.381Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:
- Trojan
- Spam
- Windows
- Vulnerability
- Malware
Associated Vulnerabilities
Alias | Description | Association Type | Votes
CVE-2023-36025 | The CVE-2023-36025 vulnerability is associated with Mispadu. CVE-2023-36025 is a significant vulnerability in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities disclosed together, the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privi | Unspecified | 2