Business Security

Avast researchers obtain Ursnif victim data: Reach out to help victims

Christopher Budd, 2 March 2021

The Ursnif banking Trojan has hit over 100 Italian banks

Recently, Avast Threat Labs researchers were able to obtain information on possible victims of Ursnif malware.

Ursnif is malware that began life in 2007 as a banking Trojan but has evolved over the years and has remained a constant and persistent threat.

Ursnif has targeted users in many countries around the globe throughout the years, often spread using native-language email lures. Among the countries Ursnif has significantly impacted is Italy, a fact that we found reflected in the information our researchers obtained.

On analyzing the information, our researchers found information that could be used to help protect past and current victims of Ursnif. Specifically we found usernames, passwords, credit card, banking and payment information that appears to have been stolen from Ursnif victims by the malware operators. We saw evidence of over 100 Italian banks targeted in the information we obtained. We also saw over 1,700 stolen credentials for a single payment processor.

Our research teams have taken this information and shared it with the payment processors and banks we could identify. We’ve also shared this with financial services information sharing groups such as CERTFin Italy.

With this information these companies and institutions are taking steps to protect their customers and help them recover from the impact of Ursnif.

Avast believes strongly in information sharing to protect everyone on the internet and this is an example of how Avast Threat Labs research can help protect not just our customers but everyone on the internet.