Windows SmartScreen bug targeted by new Mispadu trojan variant

A new variant of the Mispadu banking trojan has been used in attacks against Mexico that exploit a high-severity Windows SmartScreen vulnerability patched by Microsoft in November, according to The Hacker News. Threat actors used malicious ZIP archives containing internet shortcut files to target the flaw, tracked as CVE-2023-36025, evade SmartScreen warnings, and then distribute Mispadu, which selects targets based on geographic location and system configuration before exfiltrating data, a report from Palo Alto Networks' Unit 42 revealed.

The findings come amid increased remote access trojan targeting of Mexico, as well as a recent Sekoia report detailing DICELOADER, a custom downloader also known as Tirion and Lizar that is used by the Russian cybercrime operation FIN7. "DICELOADER is dropped by a PowerShell script along with other malware of the intrusion set's arsenal such as Carbanak RAT," said researchers, who also noted the downloader's advanced command-and-control IP address concealment techniques.