Ursnif, the most widespread banking trojan in Italy: the risks and how to defend yourself

Ursnif has become the most widespread computer virus in Italy in recent months and has tried to infect many companies: here's how to defend yourself

Italy is under attack: infections of Italian Windows PCs by Ursnif, a dangerous banking trojan that steals access credentials to online bank accounts, are booming. According to Check Point Research, this malware was the most detected threat in May, attempting to infiltrate the computers of 14% of companies, compared to an average of 2% globally.

With this new wave of attacks, Ursnif has entered the top 10 threats detected by Check Point Research for the first time, while another trojan, Dreambot, has disappeared. Dreambot is itself an Ursnif variant and one of the oldest, dating back to 2014. As early as March 2020, however, Dreambot's backend server stopped working, and now it's clear why: hackers are focusing more on Ursnif and other trojans, such as Dridex, which entered the top 10 for the first time only in March. "With Dridex, Agent Tesla and Ursnif all in the top 5 in May, it's clear that cyber criminals are focusing on using malware that allows them to monetize victims' data and credentials," explains Check Point's Maya Horowitz.

How Ursnif Works

Ursnif is a banking trojan, which means it infiltrates computers (only those running Windows, at the moment) to search for and steal bank account data in order, of course, to empty the account. This malware is spread through spam email campaigns with Word or Excel attachments. If the user opens the attachment, the infection begins. Ursnif is able to lurk and hide in the computer and to start up along with the operating system. When in action, Ursnif records our activities in order to seize not only banking data, but also other personal data such as email access data. Once the data is collected, Ursnif connects to its control server and transmits it there.

How to defend yourself against Ursnif

To avoid getting infected by Ursnif, you should be very careful with the emails you receive, because this trojan spreads mostly via attachments. Typically, these emails are written in incorrect Italian, with several errors, and the attached file has a name like "[COMPANY-NAME-VICTIM]_Request.doc" or similar. These messages should be considered dangerous, and if you have accidentally opened one of these attachments, you should quickly run a full antivirus scan of all the data on your computer.
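The attachment-name pattern described above can be checked automatically on incoming mail. The following is an added example, not code from the article or from Check Point: it assumes the recipient's domain labels stand in for the company name, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Word and Excel extensions; the article names only "Word or Excel attachments".
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")

def squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def org_tokens(msg):
    """Assumption: the recipient's domain labels stand in for the company name."""
    tokens = set()
    for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        if "@" in addr:
            labels = addr.rsplit("@", 1)[1].split(".")[:-1]  # drop the TLD
            tokens.update(squash(label) for label in labels)
    return {t for t in tokens if len(t) >= 3}  # skip short labels such as "co"

def suspicious_attachments(raw_message):
    """Return Office attachment names that embed the recipient's organisation."""
    msg = message_from_string(raw_message)
    orgs = org_tokens(msg)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not name.lower().endswith(OFFICE_EXT):
            continue
        stem = squash(name.rsplit(".", 1)[0])
        if any(org in stem for org in orgs):
            hits.append(name)
    return hits

def sample_message(filename):
    """Constructed test message; addresses and attachment bytes are made up."""
    m = EmailMessage()
    m["From"] = "billing@sender.example"
    m["To"] = "mario.rossi@acme-spa.example"
    m["Subject"] = "Richiesta"
    m.set_content("In allegato la richiesta.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for fn in ("ACME-SPA_Request.doc", "listino_prezzi.xlsx"):
        print(fn, "->", suspicious_attachments(sample_message(fn)))
```

A match is a reason to hold the message for review, not proof of infection; legitimate senders also put the recipient's company name in file names.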