Ursnif reloaded: tracing the latest trojan campaigns

On the 9th of October our customers started reporting the same kind of incident over the span of a few hours. The identified activity appears to be linked to the banking Trojan Ursnif, a long active malware, whose roots can be traced back to 2007 together with ZeuS and SpyEye, still with strong infection capabilities in each of its campaigns. The attack vector was a malicious email with a Word document attached.
Continue reading “Ursnif reloaded: tracing the latest trojan campaigns”

Banks and crypto wallets: unveiling a global malware campaign using Zeus/Panda

For the past weeks our Threat Intelligence team has been following an enxtesive campaign, possibly operated by the same group, targeting a large amount of financial institutions, cyptocurrency wallets and the occasional Google and Apple accounts. The attackers target their victims both with Phishing emails, typo-squatted domains and malicious attachments that eventually lead to the installation of Zeus/Panda banking malware. The group appears to be active since at least 2015 and it’s most likely related to several campaigns identified by the security community in the past 3 years.
Continue reading “Banks and crypto wallets: unveiling a global malware campaign using Zeus/Panda”