Mispadu is malware that has been used to compromise and damage computer systems, typically gaining entry through malicious downloads, emails, or websites. It was first documented by ESET in 2019, which detailed its theft of money and credentials from Spanish- and Portuguese-speaking victims. The malware identifies the victim's Windows version, performs an HTTP/HTTPS check-in with a remote command-and-control server, and interacts with the victim's browser history via SQLite.
More recently, Mispadu has been implicated in a large-scale cyber attack across Latin America. In a series of spam campaigns ongoing since August, the malware, also known as URSA, exfiltrated more than 90,000 bank account credentials across 17,500 websites in Mexico, Chile, Bolivia, Peru, and Portugal, according to reports from The Hacker News. These attacks were reported in March 2023 by SC Magazine and Infosecurity, which revealed that Mispadu had been used in 20 different spam campaigns targeting victims in these regions.
Mispadu has also exploited a security flaw in Windows SmartScreen (CVE-2023-36025) to deliver other malware such as Phemedrone Stealer and DarkGate. This bypass flaw, since patched, was used by threat actors to facilitate payload deployment. Cisco Talos last observed Mispadu exploiting this vulnerability in September 2023.
Description last updated: 2024-05-04T19:48:14.381Z