New Banking Trojan Infects Victims via McDonald’s Malvertising (Nov 20, 2019)

A new banking trojan called “Mispadu” has been seen using McDonald’s coupon lures in Latin America. The trojan has been developed to target Brazilian and Mexican victims, with unique variants for each country. The lures have been sent through email and Facebook adverts. Once a victim has been infected, they are served fake pop-up advertisements that attempt to persuade them into revealing personal information. The trojan also steals device information and system information, and scrapes credentials from browsers and input forms. This is similar to the Casbaneiro and Amavaldo trojans.

Recommendation: Utilizing social media can be an effective tactic for threat actors because it may be easier to trick users with malicious advertising. Users should always default to going to official websites for content, because actors will attempt to direct traffic to malicious websites that appear legitimate. Organisations should train staff to recognise phishing attempts, conduct regular phishing exercises, and help employees gain experience in reporting potential phishing emails to the relevant team within the organisation.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.