Continuing with today’s Ursnif /Gozi /ISFB banking Trojans. This one is using a different delivery method to try to throw us off track. Whereas today’s earlier ones spoofing DHL [1] [2] used standard .js files inside zips, this has a word docx attachment that contains an embedded ole object that … Continue reading →