TrojanSpy:Win64/Ursnif.A is malware that allows an attacker to gain backdoor access to and control of your computer. Once installed, TrojanSpy:Win64/Ursnif.A steals personal information and sends it to the attacker.
TrojanSpy:Win64/Ursnif.A may be installed on your computer as a result of a drive-by download attack if you visit a hacked or malicious website. TrojanSpy:Win64/Ursnif.A may also be installed by other malware.
Connects to a server
TrojanSpy:Win64/Ursnif.A connects to a remote server to receive commands from a remote attacker. The attacker can command TrojanSpy:Win64/Ursnif.A to perform any of the following actions:
- Grab HTTP outbound traffic (POST data)
- Grab FTP transfer data (GET/PUT commands)
- Capture screenshots
- Get your browser cookies
- Get your digital certificates
- Upload files to a server
- Clear browser cookies
- Restart your computer
- Get a list of all running processes
- Kill a running process
- Execute a shell command
- Download and execute a file
- Add a program to the system startup registry
To perform these actions, TrojanSpy:Win64/Ursnif.A injects itself into the following web browser processes:
TrojanSpy:Win64/Ursnif.A may upload stolen data to the following servers:
Analysis by Sergey Chernyshev
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.