Palo Alto Networks’ cybersecurity research arm Unit 42 recently discovered a new malware variant targeting users via a vulnerability in Windows SmartScreen
Mispadu is an infostealer built on Delphi, looking to extract sensitive information from victim endpoints, including banking details.
Last year Mispadu’s operators harvested roughly 90,000 bank account credentials, The Hacker News claimss, citing Metabase Q reports.
Mispadu is after your data
Mispadu works by exploiting a flaw tracked as CVE202336025. It is a highseverity bypass flaw found in Windows SmartScreen that Microsoft fixed in November last year. It has a severity score of 8.8. The hackers abuse the flaw by creating a custom .URL file, or a hyperlink, which then points to a malicious file that can work around SmartScreen’s warnings.
SmartScreen is an antimalware component, running from the cloud, which comes with multiple Microsoft products, from Windows 8 onward, and including Edge.
“This exploit revolves around the creation of a specifically crafted internet shortcut file (.URL) or a hyperlink pointing to malicious files that can bypass SmartScreen’s warnings,” Unit 42 researchers said in their report. “The bypass is simple and relies on a parameter that references a network share, rather than a URL. The crafted .URL file contains a link to a threat actor’s network share with a malicious binary.”
Mispadu only targets victims in Latin America, it was added, with the newest campaign compromising mostly users in Mexico.