Home > Cyber News > GozNym Banking Trojan August 2016 Version Attacks German Banks
CYBER NEWS

GozNym Banking Trojan August 2016 Version Attacks German Banks

by   |  Last Update:  |  0 Comments  

how-fast-can-malware-spread-across-town-stforum-

GozNym, the banking Trojan that was detected in April 2016, has been just caught once again in a new active campaign. This time victims of the banker are German users. Researchers at IBM X-Force say that the Trojan has been victimizing customers of 14 German banks. The research also indicates that victims are dealing with a new, improved version of GozNym.

How Are August 2016 GozNym Attacks Carried Out?

The attack scenario is based on the so-called web injection attacks. This is the type of attack where the Trojan gains control over the user’s browser and displays fake content whenever he accesses a banking portal.
Researchers have concluded that this is the primary method adopted by coders and distributors of banking Trojans. Interestingly, the method originates from an older banker, Gozi. Its code was leaked in 2014, and perhaps that’s how GozNym was born – it’s a hybrid built on code taken from Gozi and another Trojan, Nymaim.

What’s new with GozNym? There’s new redirection schemes in addition to the web injection-based attacks for all the targeted brands, demonstrating GozNym’s significant investment in German-language attack capabilities, researchers say.

Related: Rio 2016 Malware: Sphinx Banking Trojan Targets Brazilian Banks

The GozNym version that employed the redirection technique was first spotted in Poland in April and then it was deployed against banks in the US in June.

Recent telemetry data shows that the GozNym operators are now distributing new GozNym versions. The attacks are based on redirections and aggressive spam campaigns.

According to IBM’s report, the GozNym-related spam has jumped compared to July. August has seen 5 times more spam spreading the Trojan in comparison to all attacks of this Trojan.

Looking at GozNym’s timeline, it is evident that the gang operating the malware has the resources and savvy to deploy sophisticated cybercrime tactics against banks. The project is very active and evolving rapidly, making it likely to spread to additional countries over time.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. GozNym – New Banking Malware on The Loose IBM X-Force Research experts have uncovered a new type of...
  2. BANKS Virus (.BANKS Files) — How to Remove This Phobos Ransomware The .BANKS virus is a Phobos ransomware that is currently...
  3. New Android Malware Targets 15 German Banks Christmas is coming! Unfortunately, in the realms of malware and...
  4. Ursnif v3 Banking Trojan on the Loose with Sophisticated Targeting Researchers at IBM have detected a new variant of the...
  5. Best Web Hosting Germany for 2021 (German Hosting Companies) *The data in this table may update every week because...
  6. Rio 2016 Malware: Sphinx Banking Trojan Targets Brazilian Banks The Sphinx Zeus banking Trojan first emerged in August 2015,...
  7. Chthonic – A new version of the Zeus Banking Trojan hits 150 banks in 15 countries Security experts with Kaspersky Lab report that a brand new...
  8. Remove Nymaim Trojan Horse This article will help you to remove Nymaim Trojan horse...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree