GozNym Banking Trojan August 2016 Version Attacks German Banks

GozNym, the banking Trojan that was detected in April 2016, has just been caught once again in a new active campaign. This time, the banker’s victims are German users. Researchers at IBM X-Force say that the Trojan has been victimizing customers of 14 German banks. The research also indicates that victims are dealing with a new, improved version of GozNym.


How Are August 2016 GozNym Attacks Carried Out?

The attack scenario is based on so-called web injection attacks. This is a type of attack in which the Trojan gains control over the user’s browser and displays fake content whenever the user accesses a banking portal.
Researchers have concluded that this is the primary method adopted by coders and distributors of banking Trojans. Interestingly, the method originates from an older banker, Gozi. Its code was leaked in 2014, and perhaps that’s how GozNym was born: it’s a hybrid built on code taken from Gozi and another Trojan, Nymaim.

What’s new with GozNym? There are new redirection schemes in addition to the web injection-based attacks for all the targeted brands, demonstrating GozNym’s significant investment in German-language attack capabilities, researchers say.

The GozNym version that employed the redirection technique was first spotted in Poland in April and was then deployed against banks in the US in June.

Recent telemetry data shows that the GozNym operators are now distributing new GozNym versions. The attacks are based on redirections and aggressive spam campaigns.

According to IBM’s report, GozNym-related spam has jumped compared to July. August has seen 5 times more spam spreading the Trojan in comparison to all attacks of this Trojan.

Looking at GozNym’s timeline, it is evident that the gang operating the malware has the resources and savvy to deploy sophisticated cybercrime tactics against banks. The project is very active and evolving rapidly, making it likely to spread to additional countries over time.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
