The IT security researchers at Proofpoint have discovered a new malware campaign in which threat actors from a group called TA544 are targeting organizations in Italy with Ursnif banking trojan.
Ursnif (also known as Gozi) has a history of targeting Italian organizations over the past year. The malware is capable of stealing banking information from targeted computers including credit card data. On the other hand, its variants deliver a variety of payloads including backdoors, spyware, file injectors, etc.
It is also worth noting that in August 2017, a researcher reported a spambot database called “Onliner Spambot” containing email addresses and clear-text passwords of 711 million users from around the world. The database was being used to send out spam and Ursnif banking trojan to users since 2016.
As for recent attacks from TA544; according to Proofpoint’s senior threat intelligence analyst Selena Larson, in recently observed campaigns, the group claims to represent Italian courier or energy organizations to
Read the article