Author Topic: Ursnif Trojan Uses Fileless Persistence and CAB for Stealthily Data Exfiltration  (Read 859 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 94
    • View Profile

By Ionut Arghire on January 26, 2019

In addition to employing a fileless attack technique, the Ursnif Trojan has been using CAB files to compress harvested data before exfiltration in recent attacks, Cisco Talos security researchers reveal.

The Trojan has been around for over half a decade, mainly focused on stealing users’ banking credentials, along with other sensitive information from the infected systems.

Ursnif, Talos says, is “one of the most popular malware that attackers have deployed recently.”

The recently observed Ursnif distribution campaign leveraged a Microsoft Word document containing a malicious VBA macro for the distribution of the malware. The document contains an image that asks the intended victim to enable content.

Full Article Here: