Banking Trojan Dropped Through Spoofed Korean CERT Bulletin

Cyber criminals continue to evolve tactics, sometimes going to great lengths to socially engineer people. In this recently observed sample, we find the long-standing and ever-evolving banking Trojan, Gozi, using a Korean Cert to trick users into do…

Ursnif Campaign Waves Breaking on Japanese Shores

The Ursnif banking Trojan began targeting financial institutions in Japan during Q3 2017 and continues to operate in the region as we enter Q4.

The post Ursnif Campaign Waves Breaking on Japanese Shores appeared first on Security Intelligence.


Japanese language invoice malspam using js files inside zips today

Overnight we have seen another mass Japanese Malspam campaign with a change to the malware downloaders delivering some sort of malware that is being detected on VirusTotal as a ransomware. I am not certain that is a correct detection. This gang traditionally deliver Ursnif / Gozi banking Trojan and it has…

Japanese language fake invoice malspam using macro laden XLS files continue to deliver Ursnif banking Trojans

It looks like the Japanese malspams are still continuing to deliver Ursnif / Gozi / ISFB banking Trojans. This one is yet another fake invoice email with the subject of 請求書添付書類について (About invoice attachment documents), pretending to come from random Japanese email addresses with a malicious Excel XLS attachment that contains macros…

more Japanese language invoice malspam delivering Ursnif

Yet another in the never-ending series of Japanese language malspam malware downloaders delivering Ursnif / Gozi / ISFB banking Trojan is this email with the subject of 請求書 (invoice). These emails are coming in slightly malformed and Outlook doesn’t want to open them or display them properly. This might be a language…

More Japanese Language invoice malspam delivering ursnif banking Trojan

Back to the never-ending series of Japanese language malspam malware downloaders delivering Ursnif / Gozi / ISFB banking Trojan is yet another email with the subject of 請求書を添付 (Attach invoice). These emails are coming in slightly malformed and Outlook doesn’t want to open them or display them properly. This might be…

Japanese language spoofed travel reservation and invoice malspam delivers Ursnif banking Trojan

Continuing with the never-ending series of malware downloaders is a Japanese language malspam email with the subject of 予約完了[るるぶトラベル] (Reservation complete [Ruu Travel]) pretending to come from support@rurubu.travel with a zip attachment with a Japanese character set name which delivers Ursnif / Gozi / ISFB banking Trojan. We are also seeing these…