TA544 is a cybercriminal threat actor that spreads banking malware and other payloads throughout the world, including Italy and Japan. and Ursnif is a trojan that uses web injections, proxies, and VNC connections to steal information from websites.
Once the Ursnif payload was deployed on the target machine, recent TA544 Ursnif campaigns included activity that targeted several sites using web injects and redirections. Web injects are malicious code that is injected into a user’s web browser in order to steal data from specific websites.