ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads

BRATISLAVA – ESET, a global leader in cybersecurity, continues its research into Latin American banking trojans with the identification of another previously unknown malware family, Mispadu.

Similar to the Amavaldo and Casbaneiro malware families recently described by ESET, Mispadu is written in Delphi and targets victims through the use of fake pop-up windows trying to persuade potential victims to share their personal details and credentials. The Mispadu banking trojan, which primarily targets Brazil and Mexico, contains backdoor functionality, can take screenshots, simulates mouse and keyboard actions, and captures keystrokes.

The ESET research team has seen the Mispadu family using two different distribution methods – spam and malvertising. While the former is common among Latin American banking trojans, the latter is quite rare. The threat actor behind Mispadu places sponsored advertisements on Facebook that offer fake discount coupons for McDonald’s. Clicking on the advertisement leads the potential victim to a malicious webpage where a ZIP file containing an MSI installer, masquerading as a discount coupon, can be downloaded. If downloaded and executed, a chain of three scripts follows, resulting in the download and execution of the Mispadu banking trojan. The trojan uses four potentially unwanted applications, all modified copies of legitimate software, to extract the victim’s stored credentials from web browsers and email clients.

In Brazil, Mispadu has been seen also distributing an interesting, malicious Google Chrome extension. The extension claims to “Protect your Chrome,” but instead it attempts to steal credit card and online banking data, and can even compromise Boleto, a popular payment system in Brazil that uses a barcode-based ticketing system to transfer payments. The Boleto component of the Mispadu malware attack is its most advanced feature, as it replaces the legitimate barcode on a Boleto ticket with one connected to the attacker’s bank account, generated via the abuse of a legitimate website.

For more details, read the blog post, Mispadu: advertisement for a discounted Unhappy Meal, on WeLiveSecurity.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.