Yoroi is reporting a new wave of attacks directed at Italian organizations and utilities. The campaign uses fraudulent emails containing links that download compressed archives named "New 1.zip document" (similar to what was observed in N071018 and N031018). Inside the zip file is a VBS script that downloads and installs malware of the Ursnif family, which can capture and exfiltrate credentials, intercept web sessions and keystrokes, and provide backdoor access to infected hosts.

https://blog.yoroi.company/warning/attacchi-ursnif-nuovo-documento/