This devious new trojan is exposing a flaw in Windows SmartScreen to drain victims bank accounts
Palo Alto Networks’ cybersecurity research arm Unit 42 recently discovered a new malware variant targeting users via a vulnerability in Windows SmartScreen
Mispadu is an infostealer built on Delphi, looking to extract sensitive information from victim endpoints, including banking details.
Last year Mispadu’s operators harvested roughly 90,000 bank account credentials, The Hacker News claimss, citing Metabase Q reports.
Mispadu is after your data
Mispadu works by exploiting a flaw tracked as CVE-2023-36025. It is a high-severity bypass flaw found in Windows SmartScreen that Microsoft fixed in November last year. It has a severity score of 8.8. The hackers abuse the flaw by creating a custom .URL file, or a hyperlink, which then points to a malicious file that can work around SmartScreen’s warnings.
SmartScreen is an anti-malware component, running from the cloud, which comes with multiple Microsoft products, from Windows 8 onward, and including Edge.
“This exploit revolves around the creation of a specifically crafted internet shortcut file (.URL) or a hyperlink pointing to malicious files that can bypass SmartScreen’s warnings,” Unit 42 researchers said in their report. “The bypass is simple and relies on a parameter that references a network share, rather than a URL. The crafted .URL file contains a link to a threat actor’s network share with a malicious binary.”
Mispadu only targets victims in Latin America, it was added, with the newest campaign compromising mostly users in Mexico.
The malware is hardly the only variant out there abusing the SmartScreen flaw. Earlier this year, in late January, experts were warning of the Phemedrone Stealer abusing the same flaw to extract sensitive data. Researchers from Trend Micro said this malware grabbed sensitive information stored in web browsers, cryptocurrency wallets, and messaging platforms such as Telegram, Steam, and Discord. It also takes screengrabs, and siphons out data on hardware, location, and the operating system. The stolen information is then presented to the attackers via Telegram or their command-and-control (C&C) server.
More from TechRadar Pro
Palo Alto Networks’ cybersecurity research arm Unit 42 recently discovered a new malware variant targeting users via a vulnerability in Windows SmartScreen Mispadu is an infostealer built on Delphi, looking to extract sensitive information from victim endpoints, including banking details. Last year Mispadu’s operators harvested roughly 90,000 bank account credentials,…
Recent Posts
- Quordle today – hints and answers for Sunday, May 19 (game #846)
- Blue Origin’s first crewed launch since 2022: Where to watch
- This modder proves everything’s better with a GBA SP screen attached
- Mobile industry is quietly preparing for the biggest change to your smartphone in a decade — iSIM will hasten the end of SIM cards and allow networks to preload plans on devices
- Replacing the OLED iPad Pro’s battery is easier than ever
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011