Two distinct campaigns are spreading GandCrab ransomware and Ursnif Trojan via weaponized docs

January 25, 2019

Experts pointed out that the cybercrime gangs behind the two campaigns are different, but they discovered many similarities between the campaigns.

Attackers spread phishing messages carrying weaponized Microsoft Word documents and leverage PowerShell to deliver fileless malware.

Ursnif is a banking trojan that has been spreading since November 2017; it is also able to monitor browsing activities, collect keystrokes, system and process information, and deliver additional payloads.

GandCrab is a popular ransomware that has been active since early 2018.

Security experts at Carbon Black observed nearly 180 variants of weaponized MS Word documents associated with one of the campaigns.

Read More on Security Affairs