A new variant of the infamous Ursnif malware was discovered hitting Italian users through a malspam campaign. Yoroi-Cybaze ZLAB isolated several malicious emails having the following content: VS Spedizione DHL AWB 9485696978972 proveniente dalla GRAN BRETAGNA AVVISO DI GIACENZA The initial dropper is an obfuscated javascript. Once run, it generates a lot of noisy internet traffic with the purpose to harden the detection of the real malicious infrastructures.”]
Source: https://securityaffairs.co/wordpress/78672/breaking-news/dissecting-ursnif-dhl-campaign.html