Security company Mandiant has discovered that a new variant of the Ursnif malware, also known as Gozi, has been repurposed into a backdoor trojan that has been described as very dangerous. The backdoor trojan will likely be used in ransomware attacks, the security firm says. Ursnif is one of the oldest and most successful forms of banking malware and first appeared in 2006. According to the FBI, the malware caused tens of millions of dollars in losses and was one of the most financially destructive computer viruses ever observed. Since the height of its activity, the original source code has leaked.
The original source code has been used to spawn several new variants of the destructive malware that continue to be leveraged in attacks. Mandiant states that the new variant, called LDR4, has repurposed the original source code of Ursnif into malware that closely resembles the style of Trickbot and Emotet. Until now, the goal of the malware spawned from Ursnif has largely remained constant: stealing bank details.