https://bit.ly/42qTAhN - Inside Mispadu massive infection campaign in LATAM A recent infection attempt at a customer network was detected by Metabase Q Security Operations Center. The use of fake certificates to try to evade detection caught their attention. During the analysis of the artifacts provided by the SOC team, 20 different spam campaigns were identified targeting Chile, Mexico, Peru, and Portugal. The campaigns started around August 2022 and were still running at the time of this writing, early March 2023. Due to a misconfiguration made by the attackers, Ocelot was able to grab from 8 out of the 20 Command and Control Servers (C2s) (most of them compromised websites), showing a shocking 90,518 credentials stolen coming from a total of 17595 unique websites from all sectors! By looking at the techniques, tactics, and arsenal used during these campaigns, there is no doubt it is very similar to the Mispadu banking trojan but with new components not seen before. From web search results: Mispadu (aka URSA) was first documented by ESET in November 2019. It targets Brazil and Mexico as well as other Latin American countries like Bolivia, Chile, and Peru. Its main goals are monetary and credential theft.