
Ursnif Trojan is back with fileless persistence

Carbon Black researchers have uncovered a sophisticated malware campaign involving the infamous Ursnif Trojan, also known as Dreambot, and the popular GandCrab ransomware. In the first stage of the campaign, threat actors distribute spam emails containing Microsoft Word documents laced with malicious macro scripts.

The macros inside the Word document launch PowerShell on targeted devices and instruct it to download Ursnif as well as the latest version of GandCrab. This use of macros and PowerShell scripting is in line with a growing trend of fileless, or living-off-the-land, attacks, in which machines are compromised by malicious code that runs in memory and relies on tools already present on the target system.
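The macro-to-PowerShell chain described above leaves a recognizable process lineage. The following detection sketch is an added example, not code from Carbon Black or the original brief; it goes slightly beyond the text by also following indirect chains (Word to cmd.exe to PowerShell). The event field names (`pid`, `ppid`, `image`, `cmdline`) and all sample events are constructed assumptions modelled on typical process-creation telemetry.

```python
import ntpath

OFFICE_APPS = {"winword.exe"}  # the brief names Word; extend for other Office apps
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_HINTS = ("downloadstring", "downloadfile", "net.webclient",
                  "invoke-webrequest", "start-bitstransfer")
ENCODED_HINTS = ("-enc", "frombase64string")  # "-enc" also matches -EncodedCommand

def _name(path):
    return ntpath.basename(path).lower()  # parses Windows paths on any OS

def office_ancestor(event, by_pid, max_depth=4):
    """Return the Office process that directly or indirectly launched event, else None."""
    seen, parent = set(), by_pid.get(event["ppid"])
    while parent and max_depth > 0 and parent["pid"] not in seen:
        if _name(parent["image"]) in OFFICE_APPS:
            return parent
        seen.add(parent["pid"])  # guards against loops caused by PID reuse
        parent, max_depth = by_pid.get(parent["ppid"]), max_depth - 1
    return None

def detect(events):
    """Flag PowerShell processes descended from an Office application."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        origin = office_ancestor(e, by_pid) if _name(e["image"]) in SCRIPT_HOSTS else None
        if origin is None:
            continue
        cmd = e["cmdline"].lower()
        reasons = ["powershell descended from " + _name(origin["image"])]
        if any(h in cmd for h in DOWNLOAD_HINTS):
            reasons.append("download cmdlet or API in command line")
        if any(h in cmd for h in ENCODED_HINTS):
            reasons.append("encoded command")
        alerts.append({"pid": e["pid"], "reasons": reasons,
                       "severity": "high" if len(reasons) > 1 else "medium"})
    return alerts

# Constructed sample events (not taken from the campaign described above).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 200, "ppid": 100, "image": r"C:\Office\WINWORD.EXE", "cmdline": "WINWORD.EXE /n invoice.doc"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c powershell"},
    {"pid": 400, "ppid": 300, "image": PS,
     "cmdline": 'powershell.exe -NoProfile -Command "Invoke-WebRequest -Uri http://example.invalid/stage"'},
    {"pid": 500, "ppid": 100, "image": PS, "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem"},
    {"pid": 600, "ppid": 200, "image": PS, "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
]
```

Running `detect(SAMPLE_EVENTS)` flags PIDs 400 (high, reached through cmd.exe with a download cmdlet) and 600 (medium, direct child of Word), and ignores the PowerShell session with no Office ancestor.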


OODA Analyst
