Threat Awareness – Old Malware Repurposed for Ransomware Attacks

Author: Alec Davison

Created: Tuesday, October 25, 2022 - 19:12

Categories: Cybersecurity

Ursnif, one of the most financially destructive banking malware families in history, has been retooled into a backdoor trojan that could be used to steal data or execute ransomware attacks. Security researchers at Mandiant characterize this update as a “significantly dangerous variant … that should be watched closely.”

Ursnif has been primarily a banking trojan since 2006. Its source code has since leaked online, which led to the creation of new variants that are in use today. In their recent report, Mandiant analyzed a new variant, dubbed LDR4, which repurposes Ursnif into malware in the style of Trickbot and Emotet. Accordingly, this new variant allows threat actors to exfiltrate data or use it as a backdoor to deliver ransomware. LDR4 was first observed in June of this year and is distributed via phishing emails. Since Ursnif spreads primarily via email, one of the best prevention methods is to regularly remind users to be extra vigilant for suspicious emails. Access the full report at Mandiant or read more at ZDNET.
