Phishing: New Version of Trojan Malware

Phishing: Beware of this new version of Trojan malware.

Trojan Malware: Beware of this new version of Trojan malware that spreads through malicious Word documents.

Beware of this new Trojan malware version Phishing

A new version of the Trojan Ursnif is being sent via malicious Word documents with the aim of stealing banking information and other credentials.

A new variant of Trojan malware, popular among cyber criminals, is spreading via malicious Word documents with the aim of steal data and other useful personal information.

O Malware of Trojan Ursnif targets Windows machines and has existed in one form or another since at least 2007, when its code first appeared in the Gozi banking Trojan.

Ransomware and Phishing Protection
Fortione helping to protect against Escalate Ransomware

Ursnif has become incredibly popular among cybercriminals in recent years due to the source code being leaked online, allowing attackers to take advantage of it for free.

Trojan Malware Variants

Different variants of Trojan Malware have emerged since the code was leaked. Attackers use it and add their own custom features to steal banking details and other online account credentials.

Researchers from the cyber security company Fortinethave identified a new version of Ursnif in the wild. It is spreading by e-mail from phishing containing Word documents with weapons.

These infected lures are named with the format "info_ [date] .doc" and claim that the document was created in a previous version of Word, requiring the user to enable macros to view it.

Enabling macros by clicking the 'Enable Content' command, releases the malicious VBA code. It starts the process of dropping a version of the Ursnif malware that, according to the researchers, was only recently compiled on July 25. This indicates how recently this latest incarnation was developed.

Processes performed by Malware

Once installed on a system, the malware will run various "iexplorer.exe" processes that repeatedly appear and disappear.

This is Ursnif, creating the conditions necessary to connect to its command and control server.

In an effort to make the activity less suspicious, the list of hosts on the C&C server includes references to Microsoft and security companies.

The researchers warn that the campaign is still active and have provided a review of the Engagement Indicators in the malware analysis.

The attack techniques deployed in this latest Ursnif campaign may seem basic. Even simple phishing email attacks can still provide hackers with means of hacking into networks or deploying malware.

Do you like the content? Share it!