The Trojan Ursnif was tracked back to threats on at least 100 Italian banks. In Avast's view, malware operator has a strong interest in Italian objectives, which has resulted in a loss of credentials and financial information through attacks against these banks. Avast researchers have discovered username, passwords, and credit card details, bank, and payment data which the Ursnif Banking Trojan operators seem to have seized from banking customers. They did not pinpoint the source of the details. However, details on payment cards are also sold on the dark web. In just one instance, over 1,700 credentials were stolen from an undisclosed payment processor.
Ursnif is malware that was originally discovered in 2007 as a banking trojan but has developed over the years. In several countries across the world, Ursnif has targeted consumers over the years, mostly using native-language e-mail lures. Ursnif is typically distributed via phishing emails, such as invoice demands and attempts to steal financial details and credentials of the account. Italy has been a major factor among Ursnif countries, a fact which is demonstrated in the information obtained from the researchers.
Referring to the Italian Financial CERT Avast says, "Our research teams have taken this information and shared it with the payment processors and banks we could identify. We've also shared this with financial services information sharing groups such as CERTFin Italy.”
The Italian project of Ursnif used a phishing campaign to email malicious attachments that get downloaded when opened, according to Fortinet. The malware Ursnif is sometimes sent using the malware loader says the company.
Username, device name, and system uptime, Ursnif gathers confidential information. According to Avast security researchers, these data are configured into p ..