The Ursnif Trojan has been traced back to attacks in opposition to at minimum 100 financial institutions in Italy. 

In accordance to Avast, the malware’s operators have a keen curiosity in Italian targets and assaults towards these banking establishments have led to the decline of qualifications and monetary information.

The cybersecurity company explained on Tuesday that at least 100 banking companies have been focused, primarily based on facts gathered by the scientists. 

In one case by yourself, an unnamed payment processor had in excess of 1,700 sets of credentials stolen. 

Avast identified usernames, passwords, credit history card, banking, and payment info that appears to have been harvested by the malware. 

To start with uncovered in 2007, Ursnif commenced its journey as a simple banking Trojan. The information and facts stealer’s code was leaked on GitHub and has given that evolved and has turn out to be a lot more refined, with its code staying designed independently and also showing as aspect of the Gozi banking malware. 

Ursnif is normally distribute by way of phishing e-mails — these kinds of as invoice requests — and tries to steal economic knowledge and account qualifications. 

Datktrace researchers documented a 2020 marketing campaign in which the malware was employed in an assault towards a US lender. A phishing e-mail was despatched to an personnel who unwittingly opened a malicious attachment and unintentionally downloaded an executable file pretending to be a .cab extension. 

This file known as out to command-and-handle (C2) servers registered in Russia only a day prior to the start of the campaign — and, hence, the IPs had been not blacklisted at the time of infection. A current obfuscation system pointed out in this assault was the use of Person Brokers imitating Zoom and Webex to attempt and disguise in network targeted traffic.

Darktrace has also tracked the malware in assaults versus businesses in the US and Italy. 

Avast has shared its results with the target banking institutions the organization was capable to establish, together with CERTFin Italy, a economical products and services knowledge trade managed by the Lender of Italy and the Italian Banking Affiliation (ABI).

Preceding and related protection

Have a tip? Get in contact securely via WhatsApp | Sign at +447713 025 499, or above at Keybase: charlie0