Security News Spam Flood Delivers New and Improved GozNym Banking Trojan

Exterminator

Users of 13 German banks and their subsidiaries are targeted by a new and improved version of the GozNym banking trojan, IBM X-Force reports.

GozNym appeared in April 2016, and initially it targeted users in the US and Canada, using so-called "web injection attacks," a process in which the trojan takes over the user's browser and shows fake content when he accesses a banking portal.

This is the prevalent technique used by most banking trojans today, and its origin is in the Gozi banking trojan source code that leaked online in 2014. GozNym itself is a hybrid trojan made up of code taken from the Gozi and Nymaim trojans.

GozNym shifting to redirection attacks
Two weeks after GozNym was first seen, the crooks behind the malware started experimenting with another technique called "redirection attack," which is when the malware redirects users to a fake banking portal, hosted on the GozNym gang's servers.

Only the Dyre banking trojan had previously used redirection attacks. The Dridex banking trojan also deployed redirection attacks at one point, but it was never its main mode of operation.

The GozNym version that used redirection attacks was first seen in Poland in April and then deployed en masse against banks in the US in June.

Massive spam flood delivers GozNym banking trojan
According to recent telemetry data, the GozNym gang is now deploying GozNym versions that use redirections against users in Germany and is using massive spam floods to do so.

IBM reports that GozNym spam has gone up 3,550 percent compared to the previous month of July. Only in the month of August, the GozNym gang has sent five times more spam compared to all attacks that have taken place in the previous four months put together.

"Looking at GozNym’s timeline, it is evident that the gang operating the malware has the resources and savvy to deploy sophisticated cybercrime tactics against banks," Limor Kessem writes. "The project is very active and evolving rapidly, making it likely to spread to additional countries over time."
 
