Attackers have targeted Mexico with a new variant of the Mispadu banking trojan, exploiting a high-severity Windows SmartScreen vulnerability that Microsoft patched in November, according to The Hacker News.
Threat actors have used malicious ZIP archives containing internet shortcut files to exploit the flaw, tracked as CVE-2023-36025, and evade SmartScreen warnings before distributing Mispadu, a report from Palo Alto Networks' Unit 42 revealed. Mispadu enables geographic and system configuration targeting before conducting data exfiltration activities.
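For mail-gateway or inbox triage, the delivery pattern above (a ZIP archive carrying internet shortcut files) can be surfaced with a short script. This is an added example, not code from Unit 42 or the original report: the function names, the sample archive and the rule of escalating any shortcut whose target is not plain http(s) are assumptions chosen for illustration.

```python
import io
import zipfile
from typing import Optional
from urllib.parse import urlsplit

MAX_SHORTCUT_BYTES = 64 * 1024  # real shortcuts are tiny; skip oversized entries

def shortcut_target(data: bytes) -> Optional[str]:
    """Return the URL= value from the [InternetShortcut] section, if present."""
    section = ""
    for raw in data.decode("utf-8-sig", errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "internetshortcut" and line.lower().startswith("url="):
            return line[4:].strip()
    return None

def triage_zip(blob: bytes) -> list:
    """List every .url entry in a ZIP with its target and an escalation flag."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".url"):
                continue
            target = None
            if info.file_size <= MAX_SHORTCUT_BYTES:
                target = shortcut_target(zf.read(info))
            scheme = urlsplit(target).scheme.lower() if target else ""
            # Assumed policy: anything other than plain http(s) goes to an analyst.
            findings.append({"entry": info.filename, "target": target,
                             "escalate": scheme not in ("http", "https")})
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample archive; file names and hosts are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.url",
                    "[InternetShortcut]\r\nURL=file://files.example.invalid/share/report\r\n")
        zf.writestr("docs/site.url",
                    "[InternetShortcut]\r\nURL=https://example.com/\r\n")
        zf.writestr("readme.txt", "not a shortcut")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Triage of this kind complements, and does not replace, installing the November fix for CVE-2023-36025.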
The findings come amid increased remote access trojan activity targeting Mexico, as well as a recent Sekoia report detailing the Russian cybercrime operation FIN7's custom downloader DICELOADER, also known as Tirion and Lizar.
"DICELOADER is dropped by a PowerShell script along with other malware of the intrusion set's arsenal such as Carbanak RAT," said researchers, who also noted the downloader's advanced command-and-control IP address concealment techniques.
Vulnerability Management, Malware, Patch/Configuration Management
Windows SmartScreen bug targeted by new Mispadu trojan variant