Technical analysis by the Malware Hunter JAMESWT
Cybercrime: Ursnif/Gozi again exploits BRT for a campaign in Italy. The xlsm attachment contacts a single URL from which it downloads the DLL that starts the malware infection, but only from Italian IPs and only if they are not blacklisted
Ursnif/Gozi is once again hiding behind a fake BRT invoice in a new campaign in Italy.
The xlsm mail attachment, if opened, contacts a single URL from which it downloads the DLL that starts the malware infection.
Moreover, the cybercrime attack is targeted: the DLL is downloaded only if three conditions are met:
- The IP must be Italian;
- The IP must not be blacklisted;
- The DLL must not have already been downloaded.
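An added example, not from the original analysis: detection logic over web-proxy records that flags an Office process receiving a PE file, and lists later re-fetches of the same URL that returned nothing, which the three delivery conditions above make expected rather than exculpatory. The record format, field names, hosts and URLs are constructed assumptions.

```python
import json

OFFICE_PROCS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed proxy records (JSON lines); field names and values are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-01-01T08:01:12Z","host":"pc-017","process":"EXCEL.EXE","url":"http://delivery.example/inv","status":200,"magic":"4d5a9000"}
{"ts":"2024-01-01T08:03:40Z","host":"pc-022","process":"chrome.exe","url":"http://intranet.example/report.xlsx","status":200,"magic":"504b0304"}
not-json garbage line
{"ts":"2024-01-01T09:15:02Z","host":"sandbox-01","process":"curl.exe","url":"http://delivery.example/inv","status":404,"magic":""}
"""

def parse_records(text):
    """Parse JSON-lines proxy records, skipping lines that are not JSON objects."""
    records = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            records.append(rec)
    return records

def is_pe(rec):
    """True when the first response bytes (hex) are 'MZ', the PE/DLL header."""
    return rec.get("magic", "").lower().startswith("4d5a")

def office_pe_downloads(records):
    """Records where an Office process received a PE file over HTTP."""
    return [r for r in records
            if r.get("process", "").lower() in OFFICE_PROCS
            and r.get("status") == 200 and is_pe(r)]

def gated_refetches(records, hits):
    """Later requests to a flagged URL that returned no PE. Given the delivery
    conditions described on this page, an empty re-fetch does not clear the URL."""
    return [r for hit in hits for r in records
            if r.get("url") == hit.get("url")
            and r.get("ts", "") > hit.get("ts", "")   # ISO-8601 sorts as text
            and not is_pe(r)]

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    hits = office_pe_downloads(recs)
    for h in hits:
        print("ALERT", h["host"], h["process"], h["url"])
    for r in gated_refetches(recs, hits):
        print("NOTE empty re-fetch", r["host"], r["url"], r["status"])
```
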
Ursnif / Gozi is a banking Trojan capable of intercepting network traffic, stealing credentials and downloading other malware. The campaign is identical to those that hit our country on 7 April, 4 and 11 May.