Security News

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. BATLOADER, as the name suggests, is a loader that's responsible for distributing next-stage malware such as information stealers, banking malware, Cobalt Strike, and even ransomware.

As one of the oldest banking trojans - dating back to the mid-2000s - the software nasty has a number of variants and been given a few monikers, including URSNIF, Gozi, and ISFB. It's crossed paths with other malware families, had its source code leaked twice since 2016 and, according to Mandiant, is now less a single malware family than a "Set of related siblings." In a report this week, Mandiant researchers Sandor Nemes, Sulian Lebegue, and Jessa Valdez wrote that a strain of URSNIF's RM3 version is no longer a banking trojan but a generic backdoor, similar to the short-lived Saigon variant.

A new version of the Ursnif malware emerged as a generic backdoor, stripped of its typical banking trojan functionality. Codenamed "LDR4," the new variant was spotted on June 23, 2022, by researchers at incident response company Mandiant, who believe that it's being distributed by the same actors that maintained the RM3 version of the malware over the past years.

The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable banking fraud, but is consistent with the broader threat landscape," Mandiant researchers Sandor Nemes, Sulian Lebegue, and Jessa Valdez disclosed in a Wednesday analysis.

Banking Trojan Designed to Steal Passwords and CredentialsA new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The...

Researchers Say Latest Version Evades DetectionA variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial...

A new variant of the Ursnif trojan has been discovered targeting Japan since the beginning of 2019. Japan is a common target for Ursnif, but the latest version, delivered by Bebloh, goes to...

A. Bad things from 2008 we can't seem to shake A piece of banking malware that first debuted more than a decade ago is once again wrecking havoc.…

In addition to employing a fileless attack technique, the Ursnif Trojan has been using CAB files to compress harvested data before exfiltration in recent attacks, Cisco Talos security researchers...

Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is...