PRINCETON, N.J.—A newly discovered variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information, but also email user accounts, the content of inboxes and digital wallets, researchers are reporting.
Researchers at Cybereason first noticed the new Ursnif campaign earlier this year. The Trojan, which also goes by the name Gozi, has been around for more than 10 years, but it has become more popular since 2015, when someone posted the source code on Github, Bank Info Security explained.
Since then, malicious actors have tweaked the code to meet their needs, and several variants of Ursnif have appeared—mainly attacking banks and other financial institutions. According to the researchers at Cybereason, who found the new variant by monitoring customer data and other information from January and February, Bank Info Security said.
In this latest campaign, the Trojan has only been spotted in Japan, and the full extent of these attacks is still under investigation, Bank Info Security said.
Assaf Dahan, a security researcher with Cybereason, told Bank Info Security that the actors behind these types of Trojans generally know which banks and which customers they want to target.