Ursnif

Pierluigi Paganini August 01, 2023
WikiLoader malware-as-a-service targets Italian organizations

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. Threat actors behind the campaign are using WikiLoader to deliver a banking trojan, stealer, and malware such as Ursnif to the […]

Pierluigi Paganini October 21, 2022
News URSNIF variant doesn’t support banking features

A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data. The new variant, first observed […]

Pierluigi Paganini March 17, 2020
Ursnif campaign targets Italy with a new infection Chain

Malware researchers from Cybaze-Yoroi ZLab have uncovered a new Ursnif campaign that is targeting Italy with a new infection chain. Introduction Ursnif is one of the most and widespread common threats today delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source […]

Pierluigi Paganini June 11, 2019
How Ursnif Evolves to Keep Threatening Italy

For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants, Yoroi-Cybaze ZLab detailed its evolution. Introduction For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants. Yoroi-Cybaze ZLab closely observed these campaigns and analyzed them to track the evolution of the techniques and […]

Pierluigi Paganini February 07, 2019
Ursnif: Long Live the Steganography and AtomBombing!

Yoroi ZLab – Cybaze uncovered a new wave of Ursnif attacks using a variant that implements an exotic process injection technique called AtomBombing Another wave of Ursnif attacks hits Italy. Ursnif is one of the most active banking trojans. It is also known as GOZI, in fact, it is a fork of the original Gozi-ISFB banking Trojan that […]

Pierluigi Paganini January 25, 2019
Two distinct campaigns spread GandCrab ransomware and Ursnif Trojan via weaponized docs

Security experts observed two distinct campaigns distributing the Ursnif malware, one of them also delivered the GandCrab ransomware. Experts pointed out that the cybercrime gangs behind the two campaigns are different, but they discovered many similarities in them. Attackers spread phishing messages using weaponized Microsoft Word document and leverages Powershell to deliver fileless malware. Ursnif is a banking […]

Pierluigi Paganini December 04, 2018
Dissecting the latest Ursnif DHL-Themed Campaign

Security experts at Yoroi – Cybaze Z-Lab discovered a new variant of the infamous Ursnif malware targeted Italian users through a malspam campaign. Introduction In the last weeks, a new variant of the infamous Ursnif malware was discovered hitting Italian users through a malspam campaign. In fact, Yoroi-Cybaze ZLAB isolated several malicious emails having the following content: Subject: “VS Spedizione […]

Pierluigi Paganini June 25, 2018
CSE Malware ZLab – A new variant of Ursnif Banking Trojan served by the Necurs botnet hits Italy

Malware researchers from CSE Cybsec ZLab discovered a missed link between the Necurs Botnet and a variant of the Ursnif trojan that recently hit Italy. Starting from 6th June, a new version of the infamous banking trojan Ursnif hit Italian companies. This malware is well known to the cyber-security community, the Ursnif banking Trojan was […]

Pierluigi Paganini June 08, 2018
DMOSK Malware Targeting Italian Companies

The security expert and malware researcher Marco Ramilli published a detailed analysis on a new strain of malware dubbed DMOSK that targets Italian firms, Today I’d like to share another interesting analysis made by my colleagues and I. It would be a nice and interesting analysis since it targeted many Italian and European companies. Fortunately, the […]

Pierluigi Paganini December 07, 2016
Stegano campaign exposed millions netizens via attack code in pixels of ads banners

Stegano campaign – Millions of people visiting major websites may have been infected with malicious code that was embedded in pixels of the ads banners. A single pixel could be used to compromise your PC, millions of people visiting major websites over the past months may have been infected with malicious code that was embedded in […]