{"id":4033,"date":"2019-11-20T09:22:25","date_gmt":"2019-11-20T07:22:25","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=4033"},"modified":"2019-11-20T09:22:26","modified_gmt":"2019-11-20T07:22:26","slug":"eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/","title":{"rendered":"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads"},"content":{"rendered":"\n<p>Similar to the <a href=\"https:\/\/www.welivesecurity.com\/2019\/08\/01\/banking-trojans-amavaldo\/\">Amavaldo<\/a> and <a href=\"https:\/\/www.welivesecurity.com\/2019\/10\/03\/casbaneiro-trojan-dangerous-cooking\/\">Casbaneiro<\/a> malware families recently described by ESET, Mispadu is written in Delphi and targets victims through the use of fake pop-up windows trying to persuade potential victims to share their personal details and credentials. The Mispadu banking trojan, which primarily targets Brazil and Mexico, contains backdoor functionality and can take screenshots, simulate mouse and keyboard actions, and capture keystrokes.<\/p>\n\n\n\n<p>The\nESET research team has seen the Mispadu family using two different distribution\nmethods \u2013 spam and malvertising. While the former is common among Latin\nAmerican banking trojans, the latter is quite rare. The threat actor behind\nMispadu places sponsored advertisements on Facebook that offer fake discount\ncoupons for McDonald\u2019s. Clicking on the advertisement leads the potential\nvictim to a malicious webpage where a ZIP file containing an MSI installer,\nmasquerading as a discount coupon, can be downloaded. If the installer is downloaded and\nexecuted, a chain of three scripts follows, resulting in the download and\nexecution of the Mispadu banking trojan. 
The trojan uses four potentially\nunwanted applications, all modified copies of legitimate software, to extract\nthe victim\u2019s stored credentials from web browsers and email clients.<\/p>\n\n\n\n<p>In\nBrazil, Mispadu has also been seen distributing an interesting, malicious\nGoogle Chrome extension. The extension claims to \u201cProtect your Chrome,\u201d but\ninstead it attempts to steal credit card and online banking data, and can even compromise\nBoleto, a popular payment system in Brazil that uses a barcode-based ticketing\nsystem to transfer payments. The Boleto component of the Mispadu malware attack\nis its most advanced feature, as it replaces the legitimate barcode on a Boleto\nticket with one connected to the attacker\u2019s bank account, generated via the\nabuse of a legitimate website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Similar to the Amavaldo and Casbaneiro malware families recently described by ESET, Mispadu is written in Delphi and targets victims through the use of fake pop-up windows trying to persuade potential victims to share their personal details and credentials. 
The Mispadu banking trojan, which primarily targets Brazil and Mexico, contains backdoor functionality, can take screenshots,<\/p>\n","protected":false},"author":5,"featured_media":4034,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[160],"tags":[],"class_list":["post-4033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads\" \/>\n<meta property=\"og:description\" content=\"Similar to the Amavaldo and Casbaneiro malware families recently described by ESET, Mispadu is written in Delphi and targets victims through the use of fake pop-up windows trying to persuade potential victims to share their personal details and credentials. 
The Mispadu banking trojan, which primarily targets Brazil and Mexico, contains backdoor functionality, can take screenshots,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-20T07:22:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-11-20T07:22:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/11\/Unhappy_meal.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads\",\"datePublished\":\"2019-11-20T07:22:25+00:00\",\"dateModified\":\"2019-11-20T07:22:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/\"},\"wordCount\":294,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Unhappy_meal.jpg\",\"articleSection\":[\"malware\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2019\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-v
ictims-with-malicious-facebook-ads\\\/\",\"name\":\"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Unhappy_meal.jpg\",\"datePublished\":\"2019-11-20T07:22:25+00:00\",\"dateModified\":\"2019-11-20T07:22:26+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Unhappy_meal.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Unhappy_meal.jpg\",\"width\":1200,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.e
set.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/11\\\/20\\\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/","og_locale":"en_US","og_type":"article","og_title":"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads","og_description":"Similar to the Amavaldo and Casbaneiro malware families recently described by ESET, Mispadu is written in Delphi and targets victims through the use of fake pop-up windows trying to persuade potential victims to share their personal details and credentials. The Mispadu banking trojan, which primarily targets Brazil and Mexico, contains backdoor functionality, can take screenshots,","og_url":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2019-11-20T07:22:25+00:00","article_modified_time":"2019-11-20T07:22:26+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/11\/Unhappy_meal.jpg","type":"image\/jpeg"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads","datePublished":"2019-11-20T07:22:25+00:00","dateModified":"2019-11-20T07:22:26+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/"},"wordCount":294,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/11\/Unhappy_meal.jpg","articleSection":["malware"],"inLanguage":"en-US","copyrightYear":"2019","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/","url":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/","name":"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook ads - ESET Eesti 
Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/11\/Unhappy_meal.jpg","datePublished":"2019-11-20T07:22:25+00:00","dateModified":"2019-11-20T07:22:26+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/11\/Unhappy_meal.jpg","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/11\/Unhappy_meal.jpg","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"ESET identifies Latin American banking trojan, Mispadu, targeting victims with malicious Facebook 
ads"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/11\/20\/eset-identifies-latin-american-banking-trojan-mispadu-targeting-victims-with-malicious-facebook-ads\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/4033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=4033"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/4033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/4034"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=4033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=4033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/e
t\/en\/wp-json\/wp\/v2\/tags?post=4033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}