{
	"id": "338f0cb2-f984-40fe-9009-0123d52c90d6",
	"created_at": "2026-04-06T00:15:53.564996Z",
	"updated_at": "2026-04-10T03:21:59.666494Z",
	"deleted_at": null,
	"sha1_hash": "10845d690bd9e6bf688f2ac3c66798e05c216cd3",
	"title": "Ursnif Banking Trojan Claims More Victims",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29830,
	"plain_text": "Ursnif Banking Trojan Claims More Victims\r\nBy Christopher Budd 2 Mar 2021\r\nArchived: 2026-04-05 21:28:11 UTC\r\nRecently, Avast Threat Labs researchers were able to obtain information on possible victims of Ursnif malware.\r\nUrsnif is malware that began life in 2007 as a banking Trojan but has evolved over the years and has remained a\r\nconstant and persistent threat.\r\nUrsnif has targeted users in many countries around the globe throughout the years, often spread using native-language email lures. Among the countries Ursnif has significantly impacted is Italy, a fact that we found reflected\r\nin the information our researchers obtained.\r\nOn analyzing the information, our researchers found information that could be used to help protect past and\r\ncurrent victims of Ursnif. Specifically we found usernames, passwords, credit card, banking and payment\r\ninformation that appears to have been stolen from Ursnif victims by the malware operators. We saw evidence of\r\nover 100 Italian banks targeted in the information we obtained. We also saw over 1,700 stolen credentials for a\r\nsingle payment processor.\r\nOur research teams have taken this information and shared it with the payment processors and banks we could\r\nidentify. We’ve also shared this with financial services information sharing groups such as CERTFin Italy.\r\nWith this information these companies and institutions are taking steps to protect their customers and help them\r\nrecover from the impact of Ursnif.\r\nAvast believes strongly in information sharing to protect everyone on the internet and this is an example of how\r\nAvast Threat Labs research can help protect not just our customers but everyone on the internet.\r\nSource: https://blog.avast.com/ursnif-victim-data\r\nhttps://blog.avast.com/ursnif-victim-data\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.avast.com/ursnif-victim-data"
	],
	"report_names": [
		"ursnif-victim-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434553,
	"ts_updated_at": 1775791319,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/10845d690bd9e6bf688f2ac3c66798e05c216cd3.pdf",
		"text": "https://archive.orkl.eu/10845d690bd9e6bf688f2ac3c66798e05c216cd3.txt",
		"img": "https://archive.orkl.eu/10845d690bd9e6bf688f2ac3c66798e05c216cd3.jpg"
	}
}