A new banking Trojan distributed via malvertising and malspam campaigns using fake McDonald’s coupons as lures was observed while attempting to steal financial information from potential Latin American victim.
The previously undocumented malware — dubbed Mispadu by ESET's research team that found it — is similar to other Latin American banking Trojans such as Amavaldo and Casbaneiro as it is developed in Delphi and uses a custom cryptographic algorithm for obfuscating its source code.
This banking Trojan has been specifically built to attack users from Brazil and Mexico, with variants, different installers, and subsequent stages specifically developed for each of the targeted countries.