Ursnif — 2 August 2021 campaign
Ursnif campaign of 2 August 2021: Italian-language phishing waves, payload delivery patterns and host indicators across the latest infection set.
Ursnif banking trojan extending its operation to Android: malicious APK delivery, second-stage capabilities, overlay attacks and detection considerations.
Ursnif/Cutwail malspam infrastructure update for June 2021: botnet-driven distribution, lure rotation and host indicators across affected estates.
Ursnif campaign abusing the Italian Tax Agency (Agenzia delle Entrate) brand as social-engineering lure: Italian-language phishing templates and host indicators.
Ursnif (Gozi/ISFB) banking trojan: persistence mechanisms, web-injection capabilities, command-and-control patterns and remediation steps for infected hosts.
Ursnif campaigns aimed at Italian organisations: phishing lures in Italian, payload delivery patterns and C2 hosting trends observed across multiple waves.
The Cisco Talos team shared their analysis of the latest malspam wave distributed by the Necurs botnet. Necurs is among the most active botnets globally, capable of generating massive volumes of spam. The malicious emails delivered by this campaign carry ransomware and banking trojans, specifically Ursnif, Panda Banker, and Emotet. Opening the malicious …