JAMESWT discovers a new malspam campaign to distribute Ursnif (Gozi) in Italy. It is the third in a few days. The bait is always the Revenue Agency, but the malware is distributed by new links and Excel files. The attacks will continue
New malspam cybercrime campaign to convey Ursnif (Gozi) in Italy, the third in a few days. The bait is always a communication from the Revenue Agency (Agenzia delle Entrate). However, both the attachments (excel files) and the links from which the malware is downloaded change, pointing to two different URLs while in the past to a single one. Not to mention that every two or three hours the executable is renewed in order not to be detected by the antivirus. The cyber security researcher JAMESWT, who detected the two previous types of infection attempts to the country, discovered it. The target, even in this latest offensive, seems to be the companies. Furthermore, the short interval between campaigns suggests that they will continue, varying only slightly. Furthermore, the IP control, which establishes whether the machine is in Italy or not and consequently establishes whether or not to activate the infection chain, confirms that the target is precisely the country.