Advintel cybersecurity experts: Malware operators now target exposed RDP connections to gain an initial foothold and exploit CVE-2018-8453 and CVE-2019-1069.
Malware Hunter JAMESWT Technical Analysis
The telephone-provider switch lure now serves Ursnif / Gozi in Italy. The .doc attachment of a fake Vodafone email, different for each message, contacts a single URL and downloads the DLL that starts the malware infection.
Ursnif / Gozi is now arriving in Italy behind the lure of a fake change of telephone operator to Vodafone. The email carries a .doc attachment that differs for each message, so its file hash is of little use as a blocking indicator; if opened, it contacts a single URL and downloads the DLL, which starts the malware infection chain.
As in earlier campaigns, this one is aimed only at Italy: the DLL is served only to requests coming from Italian IP addresses, so an analyst or sandbox that fetches the URL from outside Italy will not receive the payload. Ursnif / Gozi is a banking Trojan used by cybercriminals to intercept network traffic, steal credentials and download further malware.
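Because the attachment changes per message, detection is better keyed on the behaviour the analysis describes (an Office process reaching out to a single URL and pulling back a DLL) than on attachment hashes. The following is an added example, not code from JAMESWT or from the article: it runs a simple check over constructed endpoint/proxy telemetry lines (timestamp, process, URL, HTTP status, content type, first response bytes in hex; the IPs, URLs and timestamps are placeholders, not campaign indicators) and flags Office processes that receive a PE payload or talk to a bare-IP host. The 403 line models what a geofenced server returns to a client outside the target region: the download fails, but the outbound request from Word is still worth an alert.

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample telemetry (hypothetical; not real campaign data).
# Fields: timestamp process url http_status content_type first_bytes_hex
SAMPLE_LOG = """\
2019-06-12T09:14:02Z WINWORD.EXE http://203.0.113.10/upd/file.php 200 application/octet-stream 4d5a9000
2019-06-12T09:14:05Z chrome.exe https://www.example.com/index.html 200 text/html 3c21444f
2019-06-12T09:15:11Z WINWORD.EXE http://203.0.113.10/upd/file.php 403 text/html 3c68746d
2019-06-12T09:16:30Z OUTLOOK.EXE https://mail.example.com/ews 200 text/xml 3c3f786d
2019-06-12T09:17:44Z EXCEL.EXE http://198.51.100.7/img/logo.png 200 image/png 89504e47
"""

# Office applications that should rarely fetch executable content themselves.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Content types commonly seen when a server hands back a DLL/EXE.
PE_CONTENT_TYPES = {"application/octet-stream", "application/x-msdownload",
                    "application/x-dosexec"}
MZ_MAGIC = "4d5a"  # "MZ" header of a PE file, as hex

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+) ([0-9a-fA-F]+)$")


@dataclass
class Alert:
    timestamp: str
    process: str
    url: str
    status: int
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one telemetry line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proc, url, status, ctype, head = m.groups()
    return {"timestamp": ts, "process": proc, "url": url,
            "status": int(status), "content_type": ctype.lower(),
            "head": head.lower()}


def is_bare_ip_host(url):
    """True if the URL's host is a literal IP address rather than a hostname."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_pe(content_type, head_hex):
    """PE payload if the content type says so or the body starts with 'MZ'."""
    return content_type in PE_CONTENT_TYPES or head_hex.startswith(MZ_MAGIC)


def find_office_payload_downloads(log_text):
    """Return one Alert per suspicious request made by an Office process."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["process"].lower() not in OFFICE_PROCESSES:
            continue
        reasons = []
        # Successful download of executable content into an Office process.
        if rec["status"] == 200 and looks_like_pe(rec["content_type"], rec["head"]):
            reasons.append("pe_payload")
        # Office reaching a raw-IP host is unusual regardless of the response;
        # a geofenced server may answer 403 to clients outside the target region.
        if is_bare_ip_host(rec["url"]):
            reasons.append("raw_ip_host")
        if reasons:
            alerts.append(Alert(rec["timestamp"], rec["process"], rec["url"],
                                rec["status"], reasons))
    return alerts


if __name__ == "__main__":
    for a in find_office_payload_downloads(SAMPLE_LOG):
        print(a.timestamp, a.process, a.url, a.status, ",".join(a.reasons))
```

The `raw_ip_host` rule is deliberately coarse and will need tuning against a real environment's baseline; the `pe_payload` rule is the one that maps directly to the infection step described above, and it does not depend on the attachment hash or on the exact URL.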