SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
20 Apr 2016

New GozNym banking malware steals millions in just days

A new banking trojan named GozNym is actively hitting U.S. and Canadian banks and has already taken about $4 million from two dozen North American banks.

IBM's X-Force Research team reported that 24 banks in the two countries, 22 in the U.S., have so far lost about $4 million to attacks using GozNym since the malware was discovered earlier this month. Who conducted the attacks is not known.

Limor Kessem, executive security advisor for IBM, wrote in a blog post that GozNym was created by combining some of the source code from the older Nymaim and Gozi ISFB banking malware to create an even more dangerous piece of software. “From the Nymaim malware, it leverages the dropper's stealth and persistence; the Gozi ISFB parts add the banking Trojan's capabilities to facilitate fraud via infected Internet browsers,” said Kessem. “The end result is a new banking Trojan in the wild.”

Attacks so far are fairly evenly split: business banks absorbed 28 percent of the attacks; credit unions, 27 percent; e-commerce, 22 percent; retail banking, 17 percent; and the remaining six percent hit other types of institutions. GozNym uses its native Nymaim ability to infiltrate its targets through an exploit kit, which drops a payload onto the system that uses two executables for the infection routine, IBM said.

Giovanni Vigna, co-founder and chief technology officer of Lastline, said in an email Thursday that malware like GozNym is to be expected now. “While it is interesting to see two strands of malware becoming closely intertwined, it is not surprising. As for any software that has to be flexible and reliable, malware has been modularized for a while, so that functionality can be reused or loaded as-needed.”

One industry executive said it was disappointing that GozNym has been successful because, while this malware is new, the type of attack has been seen before and the banking industry was told to beware.

“When you see an attack like GozNym picking up pieces of past malware to swipe another $4 million, it stings if you're a security professional. You know you told both IT and the business how they needed to react to attacks of this type when the original threats emerged. This just shows you that they didn't really listen then,” Jonathan Sander, vice president at Lieberman Software, said in an email Thursday. Sander described this lack of concern as similar to that of a home that is constantly broken into through an open window because the owner refuses to remember to lock it.

Tags: GozNym, information leaks, USA

Source: SC Magazine