Mispadu - banking trojan and infostealer target crypto exchanges across LATAM

[Jating]

Mispadu, a supposedly banking trojan and infostealer that targets LATAM has evolved itself and now venturing not just in that region but other European as well and it also includes crypto exchanges in their crosshair.

Sample phishing email sent by the threat actor, which include a PDF attachment that contains the malware as it will download a ZIP file through a URL shortener service.




Below are the target crypto exchanges,



And this is the two Bitcoin addresses associated with the cyber criminals,

• bc1qn5fwarp0wesjahyaavj3zpzawsh3mp0mpuw94n
• bc1qzcdrhp30eztexrmyvz5dwuyzzqyylq5muuyllf

The first address has close to 1 BTC already.

This address has transacted 62 times on the Bitcoin blockchain. It has received a total of 0.82939740 BTC $55,022.77 and has sent a total of 0.82937010 BTC $55,020.96 The current value of this address is 0.00002730 BTC $1.81.

https://blog.morphisec.com/mispadu-infiltration-beyond-latam

[1714812964]

1714812964

[1714812964]

1714812964

[1714812964]

1714812964

[1714812964]

1714812964

[Aanuoluwatofunmi]

Any form of attack can spread across the world, mostly on regions where it is not being predominant, this will make them achieve their goals in seeing that they have a larger coverage to the areas being affected of their evil activities, we should have the intention of getting informations from reliable sources daily, in other to help us get informed on the recent mode of attack scammers are using to steal from people, information is our first security measures.

[promise444c5]

~

In short, if i could interpret this clearly that this phishing attack is being done through electronic mail , then i think we would all agree that we need to stop(if we are used to it )  downloading  attachment  from an unknown or unverified source  as it could  be an attack and my cost you fortune or maybe debt 

[hugeblack]

I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

[promise444c5]

I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Yes  cryptocurrency  exchanges require two-facto authentication  for confirmation  of every  transaction made , so if it  only  get information about user password and email  then I will consider it as a phisher but I don't  think this 2-facto authentication is compulsory  so advice and awareness should also be created towards the usage of two-facto authentication which should  not be limited  to Exchange in the first place.

[Dave1]

I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Yes, but we all know that this scammers might as well get over the 2FA, How Attackers Bypass Two-factor Authentication (2FA).

So there is still a possibility that we can lose our money with this infostealer that goes after our exchanges data.

But I do agree, we can't stress that enough, we should have at least separate device for our crypto and banking transactions so prevent this kind of attack.

[joniboini]

Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Based on the article above, the main payload allows the malware to collect data from browsers and e-mail messages. So the goal is definitely to steal sensitive data. 2FA might help but if they use a browser add-on to manage their 2FA it might be useless. Not to mention if the services they use only support verification from e-mail messages. Using a different device to manage 2FA probably helps a little bit, but it is still a waste since your passwords and other sensitive data might already be in the attacker's hands. CMIIW.