Ursnif malware, also known as Gozi, is a banking trojan capable of stealing financial information from the targeted victim’s devices. Recently, Avast researchers reported their latest findings of Ursnif trojan, which includes attacks on several financial institutions.

Latest discoveries

According to the report, Ursnif's recent activity has significantly impacted Italian financial organizations.
  • It has launched several attacks against at least 100 banks in Italy using native-language email lures.
  • For an unnamed payment processor, researchers had discovered over 1,700 sets of stolen credentials.
  • Avast has informed the possible victim banks and CERTFin Italy, a financial services data exchange managed by the Bank of Italy and the Italian Banking Association (ABI).

Recent activities

In the past few months, Ursnif has been actively used to target several financial organizations, mostly located in Italy.
  • In January, a fresh variant of the trojan was targeting an Italian organization in a phishing campaign.
  • In mid-2020, Darktrace researchers had observed malicious activities carried out by Ursnif the U.S. and Italy across multiple industries.


Since its emergence in 2007, Ursnif has remained a persistent threat to financial institutions. With millions of users targeted so far, Ursnif has evolved as a sophisticated malware. Recent attacks on Italian banks points towards the continued interest of its operators in the European region. Since this malware is still making new waves of attacks, experts recommend users keep their financial information secure by using multi-factor authentication and data encryption solutions.

Cyware Publisher