The Many Faces of Ursnif - Email Hijacking, Mailslots, and Insecure Servers

Since the leak of the Ursnif/Gozi source code about two years ago, there have been multiple campaigns delivering either Ursnif or its ‘forks’ (e.g. GozNym).

Banking malware is a lucrative business, and it was more or less inevitable that a wider range of cybercriminals would take advantage of the opportunity to run their own campaigns, adding to the original codebase as they went along. We’ve already discussed some earlier campaigns on this blog, but over the past several weeks we have been examining what appears to be an offshoot of the original Ursnif codebase that is, for the time being, aimed predominantly at the UK and Italy.

Article Link: https://blogs.forcepoint.com/security-labs/many-faces-ursnif-email-hijacking-mailslots-and-insecure-servers