Hackers are testing out this updated banking malware with added stealthy attacks

The new version of the Ursnif trojan comes with new attack techniques.
A new version of the Ursnif banking trojan is being tested out in the wild with modifications to the code and new attack techniques in an attempt to make the malware even more effective.
Part of the same malware family as Gozi, the new version of Ursnif comes with redirection attacks which use fake versions of banking websites in order to steal login information and financial data from victims.
Researchers at IBM X-Force note that some of the most significant changes in this third incarnation of Ursnif are in the code-injection mechanism, to such an extent that it’s likely this version of the malware was built by different developers from those behind the second version.
It’s likely that Ursnif version three is still in its trial period because version two is still active in the wild.
The new version of Ursnif was first spotted in August in what researchers have identified as the start of a testing period in which those behind the malware have been careful to keep the malware hidden, to such an extent that the resources behind it were taken offline after each trial.
In this case, the trials have seen those behind Ursnif using the redirection attacks against business and corporate banking customers in Australia.
It appears that those behind Ursnif are following in the footsteps of other banking trojans such as Dridex and Trickbot by adding redirection attacks to the attack formula. Researchers note that the redirection scheme is implemented through the configuration file and not embedded into the code itself.
When active, the Ursnif attack looks as if it is connecting to the real bank website for the victim, all the while handing their credentials to the cyber criminals behind the scheme.
“The malware maintains a live connection with the bank’s legitimate webpage to ensure that its genuine URL and digital certificate appear in the victim’s address bar,” said Limor Kessem, Executive Security Advisor at IBM.
“At that point, the malicious actors can use web injections to steal login credentials, authentication codes and other personally identifiable information (PII) without tripping the bank’s fraud detection mechanisms,” she added.
Meanwhile, researchers at FireEye have also observed a separate new technique being employed by Ursnif: the deployment of malicious TLS (thread-local storage) callbacks.
TLS callbacks are a standard part of the Windows operating system, designed to provide additional support for initialization and termination of per-thread data structures. However, the new version of Ursnif is manipulating TLS callbacks as an anti-analysis trick.
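Because TLS callbacks are registered through the PE header rather than reached from the program’s entry point, an analyst who only follows the entry point can miss code that runs before it. The script below is an added triage example (not code from the article, IBM or FireEye): it walks a PE file’s data directory to the `IMAGE_TLS_DIRECTORY`, follows `AddressOfCallBacks`, and lists every callback address the image declares, so a sample that uses this trick can be flagged before deeper analysis. The `build_sample_pe` helper constructs a minimal, non-executable PE32+ layout purely so the parser can be exercised offline; its section layout and callback RVAs are invented for the example.

```python
import struct

# Constants from the PE format specification
IMAGE_DIRECTORY_ENTRY_TLS = 9
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]
def _u64(b, o): return struct.unpack_from("<Q", b, o)[0]


def parse_sections(data, sec_off, count):
    """Return (VirtualAddress, SizeOfRawData, PointerToRawData) per section header."""
    return [(_u32(data, sec_off + i * 40 + 12),
             _u32(data, sec_off + i * 40 + 16),
             _u32(data, sec_off + i * 40 + 20)) for i in range(count)]


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def tls_callbacks(data):
    """Return the virtual addresses of all TLS callbacks a PE image declares ([] if none).

    Path: DOS header -> PE header -> DataDirectory[9] -> IMAGE_TLS_DIRECTORY
    -> AddressOfCallBacks -> null-terminated array of pointer-sized VAs.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    pe = _u32(data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = _u16(data, pe + 6)           # COFF NumberOfSections
    opt_size = _u16(data, pe + 20)      # COFF SizeOfOptionalHeader
    opt = pe + 24                       # start of the optional header
    magic = _u16(data, opt)
    if magic == PE32PLUS_MAGIC:
        image_base, read_ptr, ptr_size = _u64(data, opt + 24), _u64, 8
        ndirs_off, dir_off = opt + 108, opt + 112
    elif magic == PE32_MAGIC:
        image_base, read_ptr, ptr_size = _u32(data, opt + 28), _u32, 4
        ndirs_off, dir_off = opt + 92, opt + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if _u32(data, ndirs_off) <= IMAGE_DIRECTORY_ENTRY_TLS:
        return []                       # too few data directories to hold a TLS entry
    tls_rva = _u32(data, dir_off + IMAGE_DIRECTORY_ENTRY_TLS * 8)
    if tls_rva == 0:
        return []
    sections = parse_sections(data, opt + opt_size, nsec)
    tls = rva_to_offset(tls_rva, sections)
    # AddressOfCallBacks is the fourth field; three pointer-sized fields precede it.
    callbacks_va = read_ptr(data, tls + 3 * ptr_size)
    if callbacks_va == 0:
        return []
    arr = rva_to_offset(callbacks_va - image_base, sections)
    found = []
    while (cb := read_ptr(data, arr)) != 0:
        found.append(cb)
        arr += ptr_size
    return found


def build_sample_pe(callback_rvas, image_base=0x140000000):
    """Constructed minimal PE32+ image for testing the parser; it is not runnable code."""
    sec_va, sec_raw = 0x1000, 0x200     # one section: RVA 0x1000 at file offset 0x200
    tls_dir_rva, cb_arr_rva = sec_va, sec_va + 0x40
    body = bytearray(0x200)
    # IMAGE_TLS_DIRECTORY64: Start, End, AddressOfIndex, AddressOfCallBacks, ZeroFill, Chars
    struct.pack_into("<QQQQII", body, 0, 0, 0, 0, image_base + cb_arr_rva, 0, 0)
    for i, rva in enumerate(callback_rvas):          # array is null-terminated by the zero fill
        struct.pack_into("<Q", body, 0x40 + i * 8, image_base + rva)
    pe_off = 0x40
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    opt = bytearray(240)                             # PE32+ optional header, 16 directories
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<I", opt, 108, 16)
    struct.pack_into("<II", opt, 112 + IMAGE_DIRECTORY_ENTRY_TLS * 8, tls_dir_rva, 40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x22)
    sec = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, sec_va, 0x200, sec_raw,
                      0, 0, 0, 0, 0x40000040)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return header.ljust(sec_raw, b"\0") + bytes(body)


if __name__ == "__main__":
    sample = build_sample_pe([0x2000, 0x2100])       # two constructed callback RVAs
    for cb in tls_callbacks(sample):
        print(f"TLS callback at {cb:#x} runs before the entry point")
```

On a real file, read it as bytes and pass it to `tls_callbacks`; a non-empty result is a reason to examine those addresses first, since they execute before `AddressOfEntryPoint` and will not be reached by simply stepping from the entry point in a debugger. Legitimate compilers and runtimes also emit TLS callbacks, so treat the result as a prompt for inspection rather than a verdict.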
Like many malicious campaigns, Ursnif is delivered to victims via malicious phishing emails. In this instance, researchers uncovered the malware being distributed in messages claiming to be confirmation of a supply order asking targets to open and sign a review document. If the review document is clicked on, it’ll start the process of malware infection.

Researchers say the Ursnif’s new techniques demonstrate how cyber criminals are continually re-developing malware in order to make it more effective.