Organizations in Italy, Sweden, and Poland have been targeted by expanded attacks with the Mispadu banking trojan, also known as URSA, as part of an ongoing campaign that originally targeted financial, commercial, automotive manufacturing, and service entities, as well as law firms across Latin America, The Hacker News reports.
Mexico continued to be the country most impacted by the attack campaign, which involved the widespread exfiltration of user credentials, a report from Morphisec revealed.
Attacks involved the delivery of invoice-themed phishing emails with PDF attachments, which facilitate the download of a ZIP archive with an HTA script or MSI installer that eventually results in the deployment of the Mispadu trojan that also features screenshot and keystroke capturing capabilities, researchers said.
Such a development follows a Proofpoint report detailing threat actors' use of YouTube videos on cracked games to facilitate the distribution of the Vidar, Lumma Stealer, and Stealc information-stealing payloads
