Malware researchers from Cybaze-Yoroi ZLab have uncovered a new Ursnif campaign that is targeting Italy with a new infection chain. The malware is delivered as a malicious mail containing a password protected document. It asks for a password to enable the opening of the document, then asks for the correct password to open the document. At the time of writing, the AV score is zero and the malware has a zero AV detection rate. In almost all campaigns identified by the researchers it is possible to notice a massive usage of powershell as dropper stagers.”]
Source: https://securityaffairs.co/wordpress/99823/malware/ursnif-campaign-targets-italy.html