This blog post was authored by John Arneson of Talos

Executive Summary

Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco’s Advanced Malware Protection (AMP) Exploit Prevention engine alerted us to these Ursnif infections. Thanks to AMP, we were able to prevent Ursnif from infecting any of its targets. The alert piqued our curiosity, so we dug a bit deeper and are providing some recent IoCs related to this threat, which traditionally attempts to steal users’ banking login credentials and other login information. Talos has covered Ursnif in the past, as it is one of the most popular pieces of malware that attackers have deployed recently. In April, we detected that Ursnif was being delivered via malicious emails along with the IcedID banking trojan.
