Cisco Blogs

AMP tracks new campaign that delivers Ursnif

January 24, 2019

This blog post was authored by John Arneson of Cisco Talos

Executive Summary

Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco’s Advanced Malware Protection (AMP) Exploit Prevention engine alerted us to these Ursnif infections. Thanks to AMP, we were able to prevent Ursnif from infecting any of its targets. The alert piqued our curiosity, so we dug a bit deeper and are providing some recent IoCs related to this threat, which traditionally attempts to steal users’ banking login credentials and other login information. Talos has covered Ursnif in the past, as it is one of the most popular malware families that attackers have deployed recently. In April, we detected that Ursnif was being delivered via malicious emails along with the IcedID banking trojan.
