Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
Based on the article above, the main payload allows the malware to collect data from browsers and e-mail messages. So the goal is definitely to steal sensitive data. 2FA might help but if they use a browser add-on to manage their 2FA it might be useless. Not to mention if the services they use only support verification from e-mail messages. Using a different device to manage 2FA probably helps a little bit, but it is still a waste since your passwords and other sensitive data might already be in the attacker's hands. CMIIW. 
Topic: Mispadu - banking trojan and infostealer target crypto exchanges across LATAM (Read 73 times)
April 05, 2024, 09:36:11 AM
April 05, 2024, 06:25:11 AM
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
Yes, but we all know that this scammers might as well get over the 2FA, How Attackers Bypass Two-factor Authentication (2FA).
So there is still a possibility that we can lose our money with this infostealer that goes after our exchanges data.
But I do agree, we can't stress that enough, we should have at least separate device for our crypto and banking transactions so prevent this kind of attack.
April 05, 2024, 06:12:03 AM
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
Yes cryptocurrency exchanges require two-facto authentication for confirmation of every transaction made , so if it only get information about user password and email then I will consider it as a phisher but I don't think this 2-facto authentication is compulsory so advice and awareness should also be created towards the usage of two-facto authentication which should not be limited to Exchange in the first place. 
April 04, 2024, 10:06:46 PM
I think that most cryptocurrency exchanges require two-factor authentication, so even if this trojan was able to obtain information such as email and password, it still needs a two-factor authentication code to log into the account. Therefore, I think that it aims to collect more data about users than stealing their balances. It is better to have a separate device that you use it to conduct banking transactions/connect to cryptocurrency exchanges and not to click on unknown links or download any file.
April 04, 2024, 11:18:32 AM
~
In short, if i could interpret this clearly that this phishing attack is being done through electronic mail , then i think we would all agree that we need to stop(if we are used to it ) downloading attachment from an unknown or unverified source as it could be an attack and my cost you fortune or maybe debt 
April 04, 2024, 07:00:25 AM
Any form of attack can spread across the world, mostly on regions where it is not being predominant, this will make them achieve their goals in seeing that they have a larger coverage to the areas being affected of their evil activities, we should have the intention of getting informations from reliable sources daily, in other to help us get informed on the recent mode of attack scammers are using to steal from people, information is our first security measures.
April 04, 2024, 06:36:53 AM
Mispadu, a supposedly banking trojan and infostealer that targets LATAM has evolved itself and now venturing not just in that region but other European as well and it also includes crypto exchanges in their crosshair.
Sample phishing email sent by the threat actor, which include a PDF attachment that contains the malware as it will download a ZIP file through a URL shortener service.
Below are the target crypto exchanges,
And this is the two Bitcoin addresses associated with the cyber criminals,
The first address has close to 1 BTC already.
https://blog.morphisec.com/mispadu-infiltration-beyond-latam
Sample phishing email sent by the threat actor, which include a PDF attachment that contains the malware as it will download a ZIP file through a URL shortener service.
Below are the target crypto exchanges,
And this is the two Bitcoin addresses associated with the cyber criminals,
- bc1qn5fwarp0wesjahyaavj3zpzawsh3mp0mpuw94n
- bc1qzcdrhp30eztexrmyvz5dwuyzzqyylq5muuyllf
The first address has close to 1 BTC already.
Quote
This address has transacted 62 times on the Bitcoin blockchain. It has received a total of 0.82939740 BTC $55,022.77 and has sent a total of 0.82937010 BTC $55,020.96 The current value of this address is 0.00002730 BTC $1.81.
https://blog.morphisec.com/mispadu-infiltration-beyond-latam
Jump to: