Pinkerton Insights Podcast

Pinkerton Insights Podcast | Week of March 18, 2019

Synopsis

The cyber-security company Cybereason issued a report last week on a new malicious campaign carried out in Japan, which uses the Ursnif trojan to steal bank-related information. The cyber-attack begins when the user receives a phishing email that contains an infected Office document, which asks for permission to enable macros; once macros are enabled, checks begin to verify whether the victim is in Japan. Once that is confirmed, a PowerShell payload, embedded in an image, executes the Bebloh trojan, which later downloads Ursnif from the malicious actor’s server. Attacks using the mentioned trojan are not uncommon in the country; however, in this campaign, the hackers have overhauled it and added functionalities that make it more persistent and difficult to detect. Some of the features are modules targeting anti-PhishWall and Rapport; IE, Outlook, and Thunderbird stealers; and software specialized in disk encryption and theft of cryptocurrency. We assess that attackers will continue to develop malicious campaigns in the long term; those l