Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
Twenty different spam campaigns relying on the Mispadu banking Trojan were discovered targeting victims in Chile, Mexico, Peru and Portugal.
The findings, which show 90,518 credentials stolen from a total of 17,595 unique websites, come from the Ocelot Team of Latin American cybersecurity firm Metabase Q.
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru.
“By looking at the techniques, tactics and arsenal used during these campaigns, there is no doubt, it is very similar to the banking Trojan Mispadu, but with new components not seen before,” wrote Metabase Q security researchers Fernando Garcia and Dan Regalado.
According to their recently published advisory, Mispadu features new techniques to facilitate infection and maintain persistence. These include fake certificates used to obfuscate the initial-stage malware, and a new .NET-based backdoor that can capture screenshots of victims' screens and display phony pop-up windows prompting them to click on specific links.
Further, the upgraded version of the Mispadu banking Trojan comes with a new backdoor written in Rust that, according to Metabase Q, is still poorly detected by endpoint protection tools.
“Although Mispadu campaigns were able to compromise thousands of users, the infection rate of corporate users (that normally have a combination of an Antivirus and an EDR/XDR) is still very low,” Garcia and Regalado clarified.
“However, organizations need to assume that sooner or later an employee will be compromised, and therefore, work on a strategy that can help to reduce the time to detect and respond to these threats while improving [the] SOC’s monitoring, detection and response capabilities.”
Another backdoor recently used to target Latin American victims is DTrack, which was reportedly deployed by the North Korean Lazarus group.