{"id":5867,"date":"2019-09-15T19:56:27","date_gmt":"2019-09-15T22:56:27","guid":{"rendered":"https:\/\/forti1.com\/?p=5867"},"modified":"2025-02-12T19:49:58","modified_gmt":"2025-02-12T19:49:58","slug":"phishing-cuidado-nova-versao","status":"publish","type":"post","link":"https:\/\/forti1.com\/en\/phishing-care-new-version\/","title":{"rendered":"Phishing: New Version of Trojan Malware"},"content":{"rendered":"

Phishing: beware of this new version of Trojan malware.<\/p>\n\n\n\n

Trojan malware:<\/a> beware of this new version of Trojan malware that spreads through malicious Word documents. <\/p>\n\n\n\n

Beware of this new version of Trojan malware Phishing<\/a><\/p>\n\n\n\n

A new version of the Trojan Ursnif<\/a> is being sent via malicious Word documents with the aim of stealing bank information and other credentials.<\/p>\n\n\n\n

A new variant of Trojan malware, popular with cyber criminals, is spreading via malicious Word documents with the aim of steal data<\/a> bank details and other useful personal information.<\/p>\n\n\n\n

O Malware<\/a> The Ursnif Trojan targets Windows machines and has existed in one form or another since at least 2007, when its code first appeared in the Gozi banking Trojan.<\/p>\n\n\n\n

\"Ransomware
Fortione Helping Protect Against Ransomware Escalation<\/figcaption><\/figure>\n\n\n\n

Ursnif has become incredibly popular with cybercriminals in recent years due to the leaking of its source code online, allowing attackers to take advantage of it for free.<\/p>\n\n\n\n

Variants of Trojan Malware<\/h2>\n\n\n\n

Different variants of Trojan malware<\/strong> have emerged since the code was leaked. Attackers use it and add their own custom features to steal bank details and other online account credentials.<\/p>\n\n\n\n

Researchers from the cybersecurity company Fortinet<\/a>identified a new version of the Ursnif<\/a> in the wild. It's spreading through emails from phishing<\/a> containing Word documents with weapons. <\/p>\n\n\n\n

These infected lures are named with the format \"info_ [date] .doc\" and claim that the document was created in an earlier version of Word, requiring the user to enable macros in order to view it.<\/p>\n\n\n\n

Activating macros by clicking on the 'Enable Content' command releases the malicious VBA code. It starts the process of dropping a version of the Ursnif malware which, according to the researchers, was only recently compiled on July 25. This indicates how recently this latest incarnation was developed.<\/p>\n\n\n\n

Processes executed by malware<\/h2>\n\n\n\n

Once installed on a system, the malware will execute various \"iexplorer.exe\" processes that appear and disappear repeatedly.<\/p>\n\n\n\n

This is Ursnif, creating the necessary conditions to connect to your command and control server. <\/p>\n\n\n\n

In an effort to make the activity less suspicious, the list of hosts on the C&C server includes references to Microsoft and security companies.<\/p>\n\n\n\n

The researchers warn that the campaign is still active and have provided a review of the Indicators of Compromise in the malware analysis.<\/p>\n\n\n\n

The attack techniques deployed in this latest Ursnif campaign may seem basic. Even simple phishing email attacks can still provide hackers with means of breaking into networks or deploying malware<\/strong>.<\/p>\n\n\n\n

\nhttps:\/\/forti1.com\/ai-automacao-em-seguranca-cibernetica\/\n<\/div><\/figure>\n\n\n\n

<\/p>","protected":false},"excerpt":{"rendered":"

Phishing: beware of this new version of Trojan malware. Trojan malware: beware of this new version of malware [...]<\/p>","protected":false},"author":4,"featured_media":7598,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":null,"ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":null,"ast-hfb-below-header-display":null,"ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":null,"ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":null,"stick-header-meta":null,"header-above-stick-meta":null,"header-main-stick-meta":null,"header-below-stick-meta":null,"astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[2417],"tags":[16,790,33,791],"class_list":["post-5867","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-fortinet","tag-malware","tag-seguranca-de-redes","tag-ursnif-trojan"],"_links":{"self":[{"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/posts\/5867","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/comments?post=5867"}],"version-history":[{"count":0,"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/posts\/5867\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/media\/7598"}],"wp:attachment":[{"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/media?parent=5867"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/categories?post=5867"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forti1.com\/en\/wp-json\/wp\/v2\/tags?post=5867"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}