An untold story of a Spy

Diwakar Kumar Dinkar & Rahamathulla Hussain, McAfee Labs

The cyber security is evolving over a period adapting new technologies to stop computer threats. At the same time, these cyber threats are also evolving rapidly, developing new techniques to evade detection from security products. In cybersecurity industry, we have been watching every year that there is a huge rise in Ransomware but this year Info-stealer played some vital roles in stealing financial details from customer.

This Paper will present behavior and the complete technical details of Ursnif in a quick view. We will focus on the reason, why these malware authors give more preference to Info-stealer instead of other malwares. A short overview about the history of this, its infection vector and complete working principle.

This presentation will also share about their campaigns, url patterns and the secrets behind the sustenance of Ursnif which involves the use of mail-slot, process hallowing components for successful exploitation to inject the code into legitimate Process and steals the victim Banking credentials successfully.

We will conclude on why authors giving importance to Info-stealer Trojan nowadays. We also conclude by saying that how to prevent and protect yourself from these types of Info-stealer.

Diwakar Kumar Dinkar

Diwakar is a security researcher in McAfee Labs, India, since 2014. He is a part of Threat intelligence team which focuses on cybercrime analysis and attack correlation. His work currently targets non-executable Windows malware. He finished his Master’s degree in 2012. At the moment he’s also a PhD student researching the field of IOT threats. Having over 5 years of security industry experience, Diwakar regularly contributes his research through blogs and whitepapers. He is the author of the McAfee-published white papers “The return of macro malware”, “Adwind Java-based malware”, “Hiding in plain sight: The concealed threat of steganography” and “The rise of script-based malware”. Diwakar’s personal interests include reading (politics and mathematics), sport and teaching.

Rahamathulla Hussain

Rahamathulla Hussain is working as a Security Researcher at McAfee Labs, India. He works on Malware Analysis, reverse engineering, writing blogs and provide the generic solution for prevalent malware. He started his career in 2011 as Threat Research Analyst at Technosoft Global Services, India. Later he joined K7 Computing, Chennai and worked as Threat Researcher in K7 Threat Control Lab. He holds a bachelor’s degree in Electrical and Electronics Engineering from Anna University. His hobbies include tourism and reading blogs.

The Dynamic Security Ecosystem
Other Topics