Mispadu: Advertisement for a discounted Unhappy Meal

Another in our occasional series demystifying Latin American banking trojans



In this installment of our blog series, we will focus on Mispadu, an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.


We believe this malware family is targeting the general public. Its main goals are monetary and credential theft. In Brazil, we have seen it distributing a malicious Google Chrome extension that attempts to steal credit card data and online banking data, and that compromises the Boleto payment system.


Characteristics


Mispadu is a malware family, identified during our research of Latin American banking trojans, that targets Brazil and Mexico. It is written in Delphi and attacks its victims using the same method as the families described earlier in this series: by displaying fake pop-up windows and trying to persuade the potential victims to divulge sensitive information.


For its backdoor functionality, Mispadu can take screenshots, simulate mouse and keyboard actions, and capture keystrokes. It can update itself via a Visual Basic Script (VBS) file that it downloads and executes.
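The self-update path described above (a VBS file dropped to disk, then executed) is something a defender can look for in process-creation telemetry. The following is an added example, not code from the ESET post or from the malware: it scans process-creation events for a Windows script host (wscript.exe or cscript.exe) running a .vbs file from a user-writable directory, and additionally notes when the parent process itself lives in such a directory. The log lines are constructed for this example, and the field names (Image, CommandLine, ParentImage) are an assumption modelled on the common Sysmon Event ID 1 layout rather than data from the page.

```python
"""Flag script-host launches of .vbs files from user-writable locations.

Added example for the Mispadu write-up; the sample events and field layout
are constructed/assumed, not taken from the original post.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows script hosts that execute VBS files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Directory fragments a non-admin user can write to; droppers typically land here.
USER_WRITABLE = (
    r"\appdata\local\temp\"".replace('"', ''),
    r"\appdata\roaming\"".replace('"', ''),
    r"\users\public\"".replace('"', ''),
    r"\programdata\"".replace('"', ''),
)

# Matches a quoted path ending in .vbs (spaces allowed) or an unquoted one.
VBS_ARG = re.compile(r'"([^"]*?\.vbs)"|(\S+\.vbs)', re.IGNORECASE)


@dataclass
class Event:
    image: str
    command_line: str
    parent_image: str


def parse_event(line: str) -> Optional[Event]:
    """Parse a 'Key: value | Key: value' line; return None if a field is missing."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    try:
        return Event(fields["image"], fields["commandline"], fields["parentimage"])
    except KeyError:
        return None


def script_path(cmdline: str) -> Optional[str]:
    """Return the first .vbs path found on the command line, if any."""
    m = VBS_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def in_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(fragment in lowered for fragment in USER_WRITABLE)


def suspicion_reasons(ev: Event) -> List[str]:
    """Reasons this event looks like a dropped-and-executed VBS; empty if none."""
    reasons: List[str] = []
    host = ev.image.rsplit("\\", 1)[-1].lower()
    if host not in SCRIPT_HOSTS:
        return reasons
    path = script_path(ev.command_line)
    if path is None:
        return reasons
    if in_user_writable(path):
        reasons.append("vbs in user-writable dir")
    if in_user_writable(ev.parent_image):
        reasons.append("parent in user-writable dir")
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (parent_image, vbs_path, reasons) for every event with reasons."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = suspicion_reasons(ev)
        if reasons:
            hits.append((ev.parent_image, script_path(ev.command_line), reasons))
    return hits


# Constructed sample events (not real telemetry): one update-style launch from
# %TEMP% by a parent in %APPDATA%, one legitimate slmgr.vbs run, one unrelated process.
SAMPLE_LOG = [
    'Image: C:\\Windows\\System32\\wscript.exe | CommandLine: "C:\\Windows\\System32\\wscript.exe" '
    '"C:\\Users\\alice\\AppData\\Local\\Temp\\upd.vbs" | ParentImage: C:\\Users\\alice\\AppData\\Roaming\\svc.exe',
    'Image: C:\\Windows\\System32\\cscript.exe | CommandLine: cscript.exe //nologo '
    'C:\\Windows\\System32\\slmgr.vbs /dli | ParentImage: C:\\Windows\\System32\\cmd.exe',
    'Image: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe | CommandLine: chrome.exe '
    '| ParentImage: C:\\Windows\\explorer.exe',
]

if __name__ == "__main__":
    for parent, path, reasons in scan(SAMPLE_LOG):
        print(f"{path}  (parent: {parent})  -> {', '.join(reasons)}")
```

The legitimate slmgr.vbs run is not flagged because the script sits under System32; the check keys on where the script and its parent live rather than on the script host alone, which is what separates an update routine dropped by a trojan from routine administrative scripting.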


As with the other Latin American banking trojans, Mispadu also collects information about its victims, namely:


OS version
computer name
language ID
whether Diebold Warsaw GAS Tecnologia (an application, popular in Brazil, to protect access to online banking) is installed
list of installed common Latin American banking applications
list of installed security products

As in the cases of Amavaldo and Casbaneiro, Mispadu can also be identified by its use of a un ..
