Cisco's Advanced Malware Protection (AMP) Exploit Prevention engine detected a new malware campaign that spreads the Ursnif banking Trojan and uses PowerShell to achieve fileless persistence, hiding it from anti-malware solutions.
Ursnif, also known as Gozi ISFB, is an offspring of the original Gozi banking Trojan, whose source code was leaked online during 2014 and on which many other banking Trojan strains, such as GozNym, were built.
Moreover, Ursnif is a continuously evolving Gozi variant that has been regularly updated with new capabilities over the years.