Sequretek Advisory - Ursnif Malware

The Ursnif trojan, also known as Gozi, is one of the most widely spread banking Trojans. It can log keystrokes, exfiltrate data, and track network and browser activity.

• Ursnif has been identified as one of the most prolific Trojans in the cybercrime landscape since 2007. It is one of the most effective types of malware delivered through spam campaigns. In 2015, the source code of the malware was leaked.

• The discovery of a new variant in June 2022 marked an important milestone for the URSNIF malware.

• A new variant of URSNIF, known as LDR 4, operates as a generic backdoor (similar to the short-lived SAIGON variant) and may have been created specifically to enable ransomware and data theft extortion.

• The purpose of the malware has changed significantly from its original design, but this change is consistent with today's broader threat landscape.

