Trojan
Ursnif
First seen: 2007-01 • Status: active
Currently Active Threat
Ursnif is an ancient banking virus that refuses to die. It steals online banking credentials and has been around since 2007.
Overview
Ursnif is one of the oldest and most persistent banking trojans. Its source code has been leaked multiple times, spawning many variants.
Also Known As
Gozi, ISFB, Dreambot
How It Spreads
- • Malspam
- • Malicious Office documents
- • Exploit kits
What It Does
- • Steals banking credentials
- • Performs web injection
- • Keylogging
- • Screen capture
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for web injection
- • Watch for Ursnif network patterns
MITRE ATT&CK Techniques
T1185, T1056, T1113
If You're Infected
- 1.
Contact bank immediately
- 2.
Reset banking credentials
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required