The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen.
Researchers at Unit42 found the updated Trojan now exploits a Windows SmartScreen bypass vulnerability tracked as CVE-2023-36025 that Microsoft patched in November 2023.
Eset first uncovered the Mispadu Stealer in 2019 and detailed how it had stolen money and credentials from Spanish- and Portuguese-speaking victims.