Bitcoin Forum

Other => Beginners & Help => Topic started by: Jating on April 04, 2024, 10:36:53 AM



Title: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: Jating on April 04, 2024, 10:36:53 AM
Mispadu, supposedly a banking trojan and infostealer that targets LATAM, has evolved and is now venturing not just in that region but in other European countries as well, and it also has crypto exchanges in its crosshairs.

Sample phishing email sent by the threat actor, which includes a PDF attachment that contains the malware, as it will download a ZIP file through a URL shortener service.

https://www.talkimg.com/images/2024/04/04/Vr89b.png


Below are the targeted crypto exchanges:

https://www.talkimg.com/images/2024/04/04/VrbXv.png

And these are the two Bitcoin addresses associated with the cyber criminals:

  • bc1qn5fwarp0wesjahyaavj3zpzawsh3mp0mpuw94n
  • bc1qzcdrhp30eztexrmyvz5dwuyzzqyylq5muuyllf

The first address has close to 1 BTC already.

Quote
This address has transacted 62 times on the Bitcoin blockchain. It has received a total of 0.82939740 BTC ($55,022.77) and has sent a total of 0.82937010 BTC ($55,020.96). The current value of this address is 0.00002730 BTC ($1.81).

https://blog.morphisec.com/mispadu-infiltration-beyond-latam


Title: Re: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: Aanuoluwatofunmi on April 04, 2024, 11:00:25 AM
Any form of attack can spread across the world, mostly to regions where it is not predominant; this will make them achieve their goals, seeing that they have a larger coverage of the areas being affected by their evil activities. We should have the intention of getting information from reliable sources daily, in order to help us get informed on the recent modes of attack scammers are using to steal from people. Information is our first security measure.


Title: Re: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: promise444c5 on April 04, 2024, 03:18:32 PM
~
In short, if I could interpret this clearly that this phishing attack is being done through electronic mail, then I think we would all agree that we need to stop (if we are used to it) downloading attachments from an unknown or unverified source, as it could be an attack and may cost you a fortune or maybe debt :P


Title: Re: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: hugeblack on April 05, 2024, 02:06:46 AM
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.


Title: Re: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: promise444c5 on April 05, 2024, 10:12:03 AM
Quote
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Yes, cryptocurrency exchanges require two-factor authentication for confirmation of every transaction made, so if it only gets information about the user's password and email then I will consider it a phisher, but I don't think this two-factor authentication is compulsory, so advice and awareness should also be created towards the usage of two-factor authentication, which should not be limited to exchanges in the first place.


Title: Re: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: Dave1 on April 05, 2024, 10:25:11 AM
Quote
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Yes, but we all know that these scammers might as well get over the 2FA: How Attackers Bypass Two-factor Authentication (2FA) (https://zitadel.com/blog/2fa-bypass-attacks).

So there is still a possibility that we can lose our money with this infostealer that goes after our exchange data.

But I do agree, we can't stress that enough, we should have at least a separate device for our crypto and banking transactions to prevent this kind of attack.


Title: Re: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM
Post by: joniboini on April 05, 2024, 01:36:11 PM
Quote
Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Based on the article above, the main payload allows the malware to collect data from browsers and e-mail messages. So the goal is definitely to steal sensitive data. 2FA might help but if they use a browser add-on to manage their 2FA it might be useless. Not to mention if the services they use only support verification from e-mail messages. Using a different device to manage 2FA probably helps a little bit, but it is still a waste since your passwords and other sensitive data might already be in the attacker's hands. CMIIW.