Urgent to all residents of the building email delivers Ursnif

We are seeing a fairly large Ursnif/Gozi/ISFB campaign hitting the UK since yesterday. Earlier we saw a Brexit theme and now we are seeing emergency exit notices. The subject this time is consistent in all versions: “Urgent to all residents of …

Ursnif campaign hitting UK imitating well known companies

We are seeing an Ursnif/Gozi/ISFB campaign hitting the UK since yesterday. I was first alerted by this Twitter post. I started to investigate quickly last night and several much better researchers and analysts have taken over and found much more deta…

Fake ticketsales.com e-tickets scam delivers ursnif banking trojan

We are seeing a malspam campaign with emails pretending to be e-tickets from Ticketsales.com. This looks like it is a new Ursnif banking trojan version that is currently being investigated by several researchers and AV companies. I really don’…

Fake Companies House “CC(01) Company Complaint – 5GBV2LXEK5ULLKW” delivers Ursnif banking trojan via BlackTDS

Following on from last Thursday and Friday, when an Ursnif campaign spoofing HMRC started to use BlackTDS via compromised SharePoint sites, we have a fake Companies House campaign today using the same system. BlackTDS is a method of severely restri…

711 million email addresses found in popular banking malware’s spambot

A trove of 711 million email accounts used by a colossal spam operation was found by a Parisian security researcher this week. The collection, hosted on a publicly accessible server in the Netherlands, includes email addresses, corresponding passwords and servers engineered to help the spam avoid inbox filters. Uncovered by a pseudonymous researcher named Benkow moʞuƎq and reported by blogger and developer Troy Hunt, the spambot known as “Onliner” marks the largest-ever data set loaded into haveibeenpwned.com, a popular breach notification service operated by Hunt. Onliner delivers Ursnif banking malware, ZDNet reported, which is responsible for more than 100,000 global infections. Ursnif is an infamous, years-old data-stealing malware that has been updated continuously. It’s an evolving threat that can move through numerous attack vectors. In a 2017 report, Palo Alto Networks researchers said “newer versions of the threat allow attackers to steal browsing data such as banking and credit card information, acquire passwords via screenshots and keylogging, […]

The post 711 million email addresses found in popular banking malware’s spambot appeared first on Cyberscoop.


Japanese language invoice malspam using js files inside zips today

Overnight we have seen another mass Japanese malspam campaign with a change to the malware downloaders, delivering some sort of malware that is being detected on VirusTotal as ransomware. I am not certain that is a correct detection. This gang traditionally deliver Ursnif / Gozi banking Trojan and it has …

spoofed DHL email Japanese language malspam about damaged photo delivers ursnif

Following on from this post about Japanese language invoice malspam delivering Ursnif, we are currently seeing another Japanese campaign about damaged photos. These contact the same sites as mentioned in the other post to download the same malware version. 48336.doc Current VirusTotal detections: Payload Security Which is still showing the same …