Enkey Magazine
Technology information website

Trojan Ursnif: 100 banks under attack

Already the last year we heard something about that on the web. The Trojan Ursnif is the most common informatic virus in Italy. It infected companies, brands and more than 100 banks. Let’s see what it is and what happened.

What is Trojan Ursnif?

It’s a bank virus, a trojan that steals the credentials of the online bank accounts.

It enters in the computers with operating system Windows and it tries to steal the datas of the bank account to take all of them. 

A malware spreaded through spam e-mails, with file Word or Excel linked or even with links to brochures and offers. 

trojan virus spam
The Trojan Ursnif gets spreaded through email spam.

We know very well the scheme: we open the attachment or we click on the link and the trojan steals all the personal datas of the user and it uses them to take everything from its pocket.

What does Ursnif do and how to defend ourselves?

Trojan Ursnif records the activities of the computers that was able to check to understand many informations of the user that it’s cheating. 

It connects to your control server while it’s inside the computer to transmit the datas as “copy-past”. Soon you migth say goodbye to your money or you can see your identitiy stolen.

To not risk it you have to be careful about the spam message of your email. We already talked about that in another article that we propose here.

We remember you that those are ghost messages, often wrote wrong with attachments files called with (name-company-name-of the-victim_request.doc).

Do not open that mail that’s it.

Up to 100 banks frauded in the 2021

At the beginning of this year 2021, even though the formula of this trojan is very known, up to 100 banks were frauded and they saw the virus enter in their systems to steal the taxpayers.

We read it online: Avast obtained informations about this theft, specifically the researchers found informations about how the banks were infected.

trojan virus
This time the Trojan Ursnif attacked the banks and stolen the personal datas.

It’s freaking out, but it doesn’t surprise the experts that are always ready to face these frauds.

Specifically in this new that was spreaded in the web, it seems that it was used a variant of the classic Trojan Ursnif, which made the malware even more efficient. Basically, if before it entered in the pcs of the taxpayers, this time they were able to enter inside the ones of the bank.

Avast is trying to help

The researchers of the company studied the event and the variant of the Trojan Ursnif to then share the datas with the frauded banks and let them defende themselves in case of future attacks.

But not only, Avast moved to help the authorities and it started researches that might arrive to the cyber criminals. Unfortunatelly they aren’t sure to find these financial hackers, but they hope at least that while studying the phenomena they will be able to predict their moves.

The fraud in detail

An interesting thing about the fraud is that they didn’t focus on the money, but on the personal datas of the users.

Like we said, the Trojan Ursnif moves with activities of phishing, but it always did to take the money from the bank accounts. This time, that they attacked the banks straight, the trojan releaved and copy up to 1700 contacts per bank.

What’s the final intention of this fraud is still a mystery. There is something sure, though: now not even the money are more important than the contacts. The wished object of the online criminals are the personal datas, to copy, clonater or even to use to move undercover on the web.



This post is also available in: Italiano