
Cybercrime: a change of telephone operator is the bait for Ursnif / Gozi in Italy

Technical analysis by malware hunter JAMESWT

A change of telephone provider is the bait for Ursnif / Gozi in Italy. The doc attachment of a fake Vodafone email, different for each message, contacts a single link and downloads the DLL that starts the malware infection.

Ursnif / Gozi now arrives in Italy with the lure of a fake change of telephone operator, a switch to Vodafone. The email contains a doc attachment.

The attachment, which is different for each message, contacts a single URL when opened and downloads the DLL that starts the malware infection chain.

Once again, the campaign is aimed only at Italy: the DLL can be downloaded only from Italian IP addresses. Ursnif / Gozi is a banking Trojan used by cybercriminals to intercept network traffic, steal credentials and download other malware.
