Alert: This Trojan Malware aimed at stealing bank details and personal information is spreading via infected Word documents.
The Ursnif Trojan, a banking malware that has existed for more than a decade in some version or another since 2007, is back with a shrewder strategy.
What is new
This malware is aimed at computers and machines that run Windows. It is a favourite with cyber criminals due to its source code being leaked online. This has made it extremely convenient for attackers to access it as well as modify it, making it a malware that is incredibly dangerous. This malware targets banking data, personal information and online credentials.
Researchers at Fortinet, a cybersecurity firm, have discovered a new variation of this malware. This malware has chosen a new weapon- the indispensable Word document.
How does this work and what it means for you
The unsuspecting victim receives a phishing email with an infected Word document. These documents are generally named in this manner: info_[date].doc. These documents supposedly created in a previous version of Word. Thus, in order to view it, one has to enable macros. Doing so requires one to click the ‘enable content’ command. This allows the malicious VBA code to initiate the attack by unleashing the recently complied version of the Ursnif Trojan.
Once installed, this Trojan runs multiple processes (i.explorer.exe). These processes will appear and disappear continuously. This is a sign of the malware creating the essential conditions that it needs to establish contact with its command and control server. To disguise suspicious activities, the host list for the command and control server has references to Microsoft and Security companies.
According to researchers, this recent version was compiled on 25th July. Researchers have advised users to be cautious as this campaign is currently active. Indicators of Compromise have been listed in the analysis of this malware.
Logix recommends that one should not dismiss this malware for these deceptively basic looking attack techniques. Be careful as a simple infected word document which is an everyday staple can be harmful to your system and network.
How Logix can help – Cyber Security Solutions
One of the challenges that organizations face is the growing complexities everywhere from continuously evolving automated targeted cyber threats on the network, applications & programs to keeping abreast with the most current security patch updates.
Logix is a firm believer in the principle that your Cyber Security should evolve to keep with the continuously evolving cyber threats. To give you the best protection, your Cyber security should evolve according to the need of the hour with constant patch updates, regular VAPT checks and round the clock network health check
With a strong focus on research and innovation, we have built extensive capability around Big Data for Security Analytics, Response, and Security Automation. We offer a variety of products and services to help you protect your network and your system from malicious threats. These services range from Antivirus, Firewall, Web Applications Firewall and much more.
For more details and to know what will work the best for your unique needs, visit this page