A new type of Ursnif Trojan malware steals users' email contacts in order to conduct a targeted spear-phishing campaign.
The Trojan malware sends out legitimate-looking emails to an infected organization's contacts. The malware is able to reply to real emails sent to compromised accounts. The reply includes a Word attachment that contains a malicious macro that downloads the malware onto the recipient's device if opened. Once the document is closed, the macro launches and executes the payload. It then uses the email recipient's computer to send out more phishing emails to his or her contacts.
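The delivery pattern described above (a reply inside an existing thread that carries a macro-enabled Word attachment) can be checked at the mail gateway. The following is an added example, not code from the article: the function names and the sample message are constructed, and it assumes that a `vbaProject.bin` part inside an OOXML Word file indicates embedded macros, while legacy `.doc` files are reported as uninspectable.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

WORD_EXTS = (".doc", ".docm", ".docx", ".dotm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy binary .doc files

def has_vba(data):
    """True/False for OOXML Word files; None when the file cannot be inspected here."""
    if data.startswith(OLE_MAGIC):
        return None  # legacy format needs an OLE parser, so treat as unknown
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return None  # not a valid OOXML container despite the Word extension

def triage(raw):
    """Return one finding per Word attachment that has, or may have, macros."""
    msg = message_from_bytes(raw, policy=policy.default)
    # A reply carries threading headers that point at an earlier message.
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(WORD_EXTS):
            continue
        vba = has_vba(part.get_content())
        if vba is False:
            continue  # inspected and macro-free
        kind = "macro-enabled" if vba else "uninspectable"
        ctx = "in reply to an existing thread" if is_reply else "in a new message"
        findings.append(f"{name}: {kind} Word attachment {ctx}")
    return findings

def build_sample(reply, with_vba):
    """Constructed test message; the attachment is a placeholder, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "colleague@example.com", "Re: Q3 invoice"
    if reply:
        msg["In-Reply-To"] = "<constructed-1@example.org>"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="Invoice.docm")
    return msg.as_bytes()
```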
Once a computer is infected, the Trojan can steal a wealth of personal data, including banking and credit card information. Hackers can also use Ursnif to launch man-in-the-middle browser attacks or use keylogging and screenshots to steal passwords and other sensitive data.
Ursnif is sophisticated and difficult to detect and analyze. Ursnif has been known to target the financial industry in the past, but this variant is targeting more industries.
Source: Jessica Davis, "Trojan malware steals contacts for targeted spear phishing attacks," www.healthcareitnews.com (Nov. 10, 2017).