New Phishing Campaign Drops Ursnif into Conversation Threads


A new phishing campaign spotted this September shows increased sophistication from the operators, who take over email accounts and insert a banking trojan in conversation threads.

The malware comes through replies to existing discussions, a powerful social engineering approach likely to guarantee a high rate of success because it relies on the familiar context the victim already trusts.

The lure for installing the malware is an attached document which, once launched, springs a routine for retrieving the latest version of Ursnif malware. It runs only on systems running Windows Vista and above and avoids machines with Russian or Chinese locales.