First Moscow air strikes in Idlib after two months. The target is the pro-Ankara militias. Meanwhile, the SAA attacks in the north of the province.
Malware Hunter JAMESWT Technical Analysis
New Ursnif / Gozi campaign in Italy, exploiting a fake BRT expedition. The email xls attachment contacts a single link and downloads the dll, which activates the infection of the malware. Provided that the IP is Italian and not on the blacklist
New Ursnif / Gozi campaign in Italy through a fake BRT expedition.
The email xls attachment, if opened, contacts a single link from which the malicious dll is downloaded, triggering the malware infection.
This, however, provided, that the potential victim uses Internet Explorer. Moreover, the cybercrime attack is explicitly directed against Italy. The DLL, in fact, is downloaded only if only if two conditions are met:
- The IP must be Italian;
- The IP must not be blacklisted.
Ursnif / Gozi is a banking Trojan used by cybercrime to intercept network traffic, steal credentials and download other malware.