Security News Spam Flood Delivers New and Improved GozNym Banking Trojan

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Users of 13 German banks and their subsidiaries are targeted by a new and improved version of the GozNym banking trojan, IBM X-Force reports.

GozNym appeared in April 2016, and initially it targeted users in the US and Canada, using so-called "web injection attacks," a process in which the trojan takes over the user's browser and shows fake content when he accesses a banking portal.

This is the prevalent technique used by most banking trojans today, and its origin is in the Gozi banking trojan source code that leaked online in 2014. GozNym itself is a hybrid trojan made up by code taken from the Gozi and Nymaim trojans.

GozNym shifting to redirection attacks
Two weeks after GozNym was first seen, the crooks behind malware started experimenting with another technique called "redirection attack," which is when the malware redirects users to a fake banking portal, hosted on the GozNym gang's servers.

Only the Dyre banking trojan had previously used redirection attacks. The Dridex banking trojan also deployed redirection attacks at one point, but it was never its main mode of operation.

The GozNym version that used redirection attacks was first seen in Poland in April and then deployed en masse against banks in the US in June.

Massive spam flood delivers GozyNym banking trojan
According to recent telemetry data, the GozNym gang is now deploying GozNym versions that use redirections against users in Germany and are using massive spam floods to do so.

IBM reports that GozNym spam has gone up 3,550 percent compared to the previous month of July. Only in the month of August, the GozNym gang has sent five times more spam compared to all attacks hat have taken place in the previous four months put together.

"Looking at GozNym’s timeline, it is evident that the gang operating the malware has the resources and savvy to deploy sophisticated cybercrime tactics against banks," Limor Kessem writes. "The project is very active and evolving rapidly, making it likely to spread to additional countries over time."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top