Cisco Blogs

AMP tracks new campaign that delivers Ursnif

January 24, 2019 - 0 Comments

This blog post was authored by John Arneson of Cisco Talos

Executive Summary

Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco’s Advanced Malware Protection (AMP) Exploit Prevention engine alerted us to these Ursnif infections. Thanks to AMP, we were able to prevent Ursnif from infecting any of its targets. The alert piqued our curiosity, so we began to dig a bit deeper and provide some recent IoCs related to this threat, which traditionally attempts to steal users’ banking login credentials and other login information. Talos has covered Ursnif in the past, as it is one of the most popular malware that attackers have deployed recently. In April, we detected that Ursnif was being delivered via malicious emails along with the IceID banking trojan.

Read more here

Leave a comment

We'd love to hear from you! Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.