Mispadu

Malware Profile Updated 24 days ago
Mispadu is malicious software (malware) that has been used to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. It was first uncovered in 2019 by ESET, which detailed its theft of money and credentials from Spanish- and Portuguese-speaking victims. The malware identifies the victim's Windows version, performs an HTTP/HTTPS check-in to a remote command-and-control server, and interacts with the victim's browser history via SQLite.

Mispadu has more recently been implicated in a large-scale cyber attack across Latin America. In a series of spam campaigns that have been ongoing since August, the malware, also known as URSA, has exfiltrated more than 90,000 bank account credentials across 17,500 websites in Mexico, Chile, Bolivia, Peru, and Portugal, according to reports from The Hacker News. These attacks were reported in March 2023 by SC Magazine and Infosecurity, revealing that Mispadu had been used in 20 different spam campaigns targeting victims in these regions.

Furthermore, there have been instances where Mispadu exploited a security flaw in Windows SmartScreen (CVE-2023-36025), which allowed it to deliver other types of malware such as Phemedrone Stealer and DarkGate. This bypass flaw, which has now been patched, was used by threat actors to facilitate payload deployment. The last observation of Mispadu exploiting this vulnerability was made by Cisco Talos in September 2023.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Spam
Windows
Vulnerability
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-36025 | Unspecified | 2 | CVE-2023-36025 is a significant vulnerability, representing a flaw in the design or implementation of Microsoft's Windows SmartScreen security feature. This vulnerability was discovered as one of three zero-days affecting Microsoft Windows and Server. The exploit begins with the execution of a malic
Source Document References
Information about the Mispadu malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Unit42 | 4 months ago | Exploring the Latest Mispadu Stealer Variant
InfoSecurity-magazine | a year ago | Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
CERT-EU | a year ago | Over 90K credentials stolen by Mispadu trojan in LatAm attacks
CERT-EU | 3 months ago | TimbreStealer Malware Targets Mexican Victims with Tax-Related Lures
BankInfoSecurity | 4 months ago | New Banking Trojan Exploits Patched Windows SmartScreen Flaw
DARKReading | 4 months ago | Fresh 'Mispadu Stealer' Variant Emerges
CERT-EU | a year ago | More than $1.6M stolen in General Bytes hack
CERT-EU | a year ago | Ukraine targeted by novel malware attacks
CERT-EU | a year ago | Linux SSH servers targeted by novel ShellBot malware variants
CERT-EU | 3 months ago | CVE-2024-21412 Used in DarkGate Malware Campaigns
CERT-EU | 2 months ago | Malware Alert - Increasing Trend of DarkGate Malware Attacks Exploiting Microsoft Windows SmartScreen's Critical Vulnerability