Experts are currently warning of a wave of Trojans using the Ursnif malware. The Trojan is distributed through a zip archive attached to an email. The message can also come from a known sender. The zip archive is password-protected, so anti-virus programs cannot check the file for viruses. The password for the zip archive is in the mail text.
Trojan Ursnif hides itself in a Word file in the zip archive. As a result, anyone who opens the Word file should activate macros. Only then can the malware infect the computer. Such macros only work with Microsoft Office. Anyone who uses another program such as Open Office should not catch a trojan.
Ursnif is a banking Trojan that records various sensitive information. Including username and passwords from web forms. The program can also take screenshots, intercept keystrokes or load and start other software on the infected computer. The Ursnif Trojan steals usernames, passwords and personal data from web forms on the infected computer and loads additional malware. In addition, as a keylogger, it can intercept keyboard input and also take screenshots. The malware sends all captured data to a command and control server.
Antivirus Programs Cannot Warn You
The archive is password-protected, so it is not possible for antivirus programs to scan it and alert the user. To open the archive, you will receive the associated password in the mail. If you then open the Word file, often disguised as an invoice, and activate the macro function as described in the document, you will get the malware on your computer. For security reasons, macros have long been deactivated in Word by default. However, they can be switched on with just a few clicks, which attackers exploit.
To avoid infection, you should generally be critical of links or email attachments – especially if you receive a message without being asked. If the mail comes from a known sender, you should inquire by phone or in person whether a mail has been sent.
