Revenue Agency Attack Campaign
released on 2020-06-29 @ 03:59:42 PM
Yoroi has identified an extensive attack campaign against Italian users and organizations. The fraudulent emails claim to be from the Revenue Agency and ask victims to view the attached document, but not to forward it to other users.
The messages carry a compressed archive containing a malicious Excel document capable of infecting the target machine with Ursnif malware. The document contains an XLM macro, which is able to bypass perimeter anti-macro protection filters.
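A mail-gateway check for the delivery chain described above, as an added example that is not Yoroi's code: it opens an attached archive and flags workbooks that declare Excel 4.0 (XLM) macro sheets, which a filter looking only for VBA projects does not inspect. It assumes the archive is a ZIP and the workbook is OOXML (.xlsx/.xlsm/.xlsb); legacy OLE .xls files are only reported for separate BIFF inspection, and all file names and sample contents are constructed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls (OLE2) signature

def ooxml_macrosheets(doc_bytes):
    """Return evidence of Excel 4.0 (XLM) macro sheets in an OOXML workbook."""
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as doc:
        names = doc.namelist()
        hits = [n for n in names if n.lower().startswith("xl/macrosheets/")]
        # The part may live under another path, so check declared content types too.
        if not hits and "[Content_Types].xml" in names:
            types = doc.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macrosheet" in types.lower():
                hits.append("[Content_Types].xml")
        return hits

def classify(archive, info):
    """Verdict for one archive member."""
    if info.flag_bits & 0x1:                   # password-protected member
        return "encrypted"
    data = archive.read(info)
    if data.startswith(OLE_MAGIC):             # BIFF needs a separate parser
        return "ole-unparsed"
    if zipfile.is_zipfile(io.BytesIO(data)) and ooxml_macrosheets(data):
        return "xlm"
    return "clean"

def scan_attachment(archive_bytes):
    """Map each file in the attached archive to its verdict."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        return {i.filename: classify(archive, i) for i in archive.infolist() if not i.is_dir()}

def make_zip(parts):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

def build_sample():
    """Constructed attachment: macro-sheet workbook, plain workbook, OLE stub."""
    ct = '<Types><Override PartName="/xl/macrosheets/sheet1.xml" ContentType="application/vnd.ms-excel.macrosheet+xml"/></Types>'
    macro = make_zip({"[Content_Types].xml": ct, "xl/macrosheets/sheet1.xml": "<macrosheet/>"})
    plain = make_zip({"[Content_Types].xml": "<Types/>", "xl/worksheets/sheet1.xml": "<worksheet/>"})
    return make_zip({"document.xlsm": macro, "plain.xlsx": plain, "old.xls": OLE_MAGIC + b"\0" * 16})

if __name__ == "__main__":
    print(scan_attachment(build_sample()))
```

Members reported as `encrypted` or `ole-unparsed` have not been inspected and should be routed to a sandbox or a BIFF-aware parser rather than treated as clean.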