Trojan-Spy.Win32.Ursnif is a banking Trojan written using Microsoft Visual C++. Also known as IAP, ISFB, Gozi, Rovnix, and Papras. Information for contacting command-and-control servers is either hard-coded in the Trojan itself or generated based on the current date and system configuration. Works with 32- and 64-bit versions of Internet Explorer and Firefox, and 32-bit versions of Chrome.
Main features include:
Geographical distribution of attacks by the Trojan-Spy.Win32.Ursnif family
Geographical distribution of attacks during the period from 28 June 2015 to 28 June 2016
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware