
GozNym Trojan Targets Customers from 24 Financial Institutions Stealing Millions of Dollars

Posted: April 15, 2016

A new hybrid malware threat has been constructed by a group of cybercrooks to specifically target banks and steal money. The threat, dubbed the GozNym Trojan, has already allowed cybercrooks to make off with millions of dollars from customers of 24 U.S. and Canadian banks.

GozNym is relatively new and is made up of two malware threats: the Nymaim dropper and the Gozi banking Trojan. Together, the two have created a perfect storm of banking theft aimed at banks, credit unions, and e-commerce entities mostly based in the U.S. So far, only two of the banks hit by GozNym are Canadian; the remaining 22 are located in the U.S.

Each of the two threats that make up this one nasty Trojan infection serves its own purpose. Nymaim is a Trojan dropper that downloads and runs other malware applications on infected computers. The Gozi banking Trojan, on the other hand, uses algorithms to manipulate web sessions, making it easier to conduct online banking fraud attacks.

The IBM X-Force researchers, security pros who are responsible for monitoring and analyzing security issues from many different sources around the world, discovered and named the GozNym threat after finding out how it is constructed.

According to IBM X-Force researchers, the top targets for GozNym appear to be business banking services. Through the use of detection evasion methods such as encryption, control flow obfuscation, anti-debugging actions, and anti-VM techniques, GozNym is the ultimate attack matrix for cybercrooks when it comes to targeting banks. GozNym can use a technique that injects malicious code into Web browsing sessions to ultimately perform online banking fraud.

The stealthy nature of GozNym, obtained mostly from its Nymaim evasion techniques, has been one of the major contributors to the successful theft of money from as many as 24 financial institutions thus far. Moreover, in the past, Nymaim was used to install ransomware on computers. Ransomware is now a major pandemic in the computer security arena and one of the most prevalent malware threats currently around.

The cybercriminal gang responsible for using Nymaim and later GozNym to target financial institutions used to be at the forefront of spreading ransomware threats. Back in November of 2015, the same group refocused its efforts and started targeting financial institutions for the purpose of stealing money, which it has done successfully through the use of GozNym, making off with millions of dollars so far.

Fortunately, banking institutions are becoming aware of what to look out for as GozNym and its cybercriminal gang broaden their scope, thanks to the analytical work of IBM X-Force researchers.
