Ursnif Malware Resurgence Threatens High-Profile Targets
Cybersecurity experts have warned about the resurgence of Ursnif malware, a notorious banking Trojan with enhanced capabilities. Disguised as legitimate software, it targets high-profile institutions and individuals, stealing sensitive information.
Ursnif's infection begins with spear phishing emails, luring targets with macro-enabled XLS attachments or zip files containing HTA files. Once activated, Ursnif parses configuration details from the Portable Executable (PE) header using the JJ structure and initiates contact with its Command and Control (CnC) server via an HTTP GET request.
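The delivery pattern just described (macro-enabled Excel attachments, or zip archives carrying an HTA file) is something a mail gateway can triage before the lure reaches a user. The following is an added example written for this article, not code from the article or from any Ursnif analysis; the sample attachments it builds in memory are constructed stand-ins, not real malware.

```python
# Added example: triage mail attachments for the Ursnif lure types named in the
# article (macro-enabled Excel, zip containing HTA). Samples are constructed.
import io
import zipfile

MACRO_EXCEL_EXTS = {".xls", ".xlsm", ".xlsb", ".xlam"}
SCRIPT_EXTS = {".hta", ".js", ".vbs"}  # .hta is the type the article names


def _ext(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def excel_has_vba(data: bytes) -> bool:
    """OOXML workbooks are zip files; a VBA project lives in xl/vbaProject.bin.
    Returns False for anything that is not a zip (e.g. legacy OLE .xls)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower() == "xl/vbaproject.bin" for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def zip_script_members(data: bytes) -> list[str]:
    """Script-type members inside a zip, recursing into nested zips."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if _ext(info.filename) in SCRIPT_EXTS:
                    found.append(info.filename)
                elif _ext(info.filename) == ".zip":
                    found += [f"{info.filename}/{n}" for n in zip_script_members(zf.read(info))]
    except zipfile.BadZipFile:
        pass
    return found


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Reasons to quarantine an attachment; an empty list means nothing matched."""
    reasons, ext = [], _ext(filename)
    if ext == ".xls":  # legacy OLE format: macros cannot be checked here, flag by name
        reasons.append("legacy .xls attachment (may carry macros)")
    elif ext in MACRO_EXCEL_EXTS and excel_has_vba(data):
        reasons.append("Excel workbook contains a VBA project")
    if ext in SCRIPT_EXTS:
        reasons.append(f"bare {ext} attachment")
    reasons += [f"zip contains script file: {m}" for m in zip_script_members(data)]
    return reasons


def _make_zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (harmless placeholders, not real lures)
SAMPLES = {
    "invoice.zip": _make_zip({"invoice.hta": b"<html><script></script></html>"}),
    "report.xlsm": _make_zip({"[Content_Types].xml": b"<Types/>", "xl/vbaProject.bin": b"\xd0\xcf\x11\xe0"}),
    "summary.xlsx": _make_zip({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", triage_attachment(name, data) or ["clean"])
```

The check deliberately flags every legacy `.xls` by name, since inspecting its macros needs an OLE parser; an `.xlsx` without a VBA project passes.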
The malware also acts as a keylogger and collects sensitive data from popular browsers such as Chrome, Firefox, and Microsoft Edge. Its HTTP traffic uses User-Agent strings that mimic Zoom and Webex to blend in, a tactic observed during the peak of the pandemic. Ursnif's capabilities extend beyond keylogging: it can download and execute binaries, upload files and screenshots, and steal credentials.
Despite its widespread use and evolution over the years, the specific developer or group behind Ursnif remains anonymous or unconfirmed. The Ursnif loader uses in-memory unpacking routines, overwriting its in-memory image with the newly unpacked binary to evade detection.
Ursnif's ability to steal credentials and download other malware, coupled with its keylogging functionality, makes it one of the most prolific pieces of malware. In 2020, it ranked among the top ten most prevalent malware strains. As Ursnif continues to evolve, cybersecurity professionals urge caution, particularly for banking, financial services, and government agencies, which are prime targets.