Topic: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM (Read 110 times)

legendary
Activity: 2170
Merit: 1789
Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
Based on the article above, the main payload allows the malware to collect data from browsers and e-mail messages. So the goal is definitely to steal sensitive data. 2FA might help but if they use a browser add-on to manage their 2FA it might be useless. Not to mention if the services they use only support verification from e-mail messages. Using a different device to manage 2FA probably helps a little bit, but it is still a waste since your passwords and other sensitive data might already be in the attacker's hands. CMIIW.
hero member
Activity: 1526
Merit: 555
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.

Yes, but we all know that these scammers might as well get over the 2FA: How Attackers Bypass Two-factor Authentication (2FA).

So there is still a possibility that we can lose our money with this infostealer that goes after our exchanges data.

But I do agree, we can't stress that enough, we should at least have a separate device for our crypto and banking transactions to prevent this kind of attack.
sr. member
Activity: 476
Merit: 299
Learning never stops!
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
Yes, cryptocurrency exchanges require two-factor authentication for confirmation of every transaction made, so if it only gets information about user password and email then I will consider it as a phisher, but I don't think this two-factor authentication is compulsory, so advice and awareness should also be created towards the usage of two-factor authentication, which should not be limited to exchanges in the first place.
legendary
Activity: 2744
Merit: 4065
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
sr. member
Activity: 476
Merit: 299
Learning never stops!
~
In short, if I could interpret this clearly that this phishing attack is being done through electronic mail, then I think we would all agree that we need to stop (if we are used to it) downloading attachments from an unknown or unverified source, as it could be an attack and may cost you a fortune or maybe debt.
sr. member
Activity: 812
Merit: 436
Any form of attack can spread across the world, mostly to regions where it is not yet predominant. This will make them achieve their goals, in seeing that they have a larger coverage of the areas being affected by their evil activities. We should have the intention of getting information from reliable sources daily, in order to help us get informed on the recent modes of attack scammers are using to steal from people. Information is our first security measure.
hero member
Activity: 2842
Merit: 772
Mispadu, a supposed banking trojan and infostealer that targets LATAM, has evolved and is now venturing not just into that region but into European countries as well, and it also includes crypto exchanges in its crosshairs.

Sample phishing email sent by the threat actor, which includes a PDF attachment that contains the malware, as it will download a ZIP file through a URL shortener service.




Below are the target crypto exchanges,



And these are the two Bitcoin addresses associated with the cyber criminals,

  • bc1qn5fwarp0wesjahyaavj3zpzawsh3mp0mpuw94n
  • bc1qzcdrhp30eztexrmyvz5dwuyzzqyylq5muuyllf

The first address has close to 1 BTC already.

Quote
This address has transacted 62 times on the Bitcoin blockchain. It has received a total of 0.82939740 BTC ($55,022.77) and has sent a total of 0.82937010 BTC ($55,020.96). The current value of this address is 0.00002730 BTC ($1.81).

https://blog.morphisec.com/mispadu-infiltration-beyond-latam