It has bank-specific configurations dedicated to launching redirection attacks against corporate banking customers.

https://www.infosecurity-magazine.com/news/ursnif-variant-adds-redirection/