Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco’s Advanced Malware Protection (AMP) Exploit Prevention engine alerted us to these Ursnif infections. Thanks to AMP, we were able to prevent Ursnif from infecting any of its targets. The alert piqued our curiosity, so we began to dig a bit deeper and provide some recent IoCs related to this threat, which traditionally attempts to steal users’ banking login credentials and other login information.