25. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

The banking trojan ‘Ursnif’ (aka ‘Gozi’) is back in business in Italy, targeting a large range of banking users with mobile malware. According to analysis by IBM’s Trusteer team, the operators behind Ursnif have now added “Cerberus” to their operations, a Trojan whose source code was leaked in September 2020 after a failed auction attempt.

Ursnif is a banking trojan that is seen in several automated exploit kits and is spread through malicious attachments and dangerous links. Ursnif is primarily associated with data theft, although its component modules also include backdoors, spyware, file injectors and similar capabilities.

Cerberus is a mobile overlay malware that was first developed in mid-2019. Cerberus is allegedly used to intercept two-factor authentication codes in real time during an attack, and it can also capture the device’s lock-screen code and remotely operate the device.

In September 2020, the Cerberus development team announced it was disbanding and attempted to sell the source code to the highest bidder, with bidding starting at $100,000.

As IBM notes, Ursnif is arguably now the oldest banking malware still in existence, with its main focus being Italy. It is usually delivered by e-mail to various business addresses, as an attached document containing malicious macros. Once the victim is infected, a web injection takes over and prompts the target to download a supposedly safe piece of software, which is in fact a mobile Trojan app. The download link is delivered as a QR code that encodes a base64 string.