GozNym – New Banking Malware on The Loose - How to, Technology and PC Security Forum | SensorsTechForum.com

GozNym – New Banking Malware on The Loose

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

SensorsTechForum-backdoor-trojan-horse-malware-ransomware-spreadIBM X-Force Research experts have uncovered a new type of banking Trojan. The malware is reported to be a combination between two previously detected banking Trojans – Nymaim and Gozi. Researchers have established that the Trojan contains features of both Trojans and uses obfuscated payload to evade malware detection. Anyone who believes that they have been affected by this banking trojan should immediately disconnect their system and read the article below to remove this threat permanently, after which change all of their financial credentials.

TypeBanking Trojan
Short DescriptionThe threat may infect systems related to banking activities and steal financial information or funds from compromised accounts.
SymptomsStarted by a malicious executable. Also reported to download other malware such as ransomware on the infected computer.
Distribution MethodVia malicious executables.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by GozNym
User Experience Join our forum to discuss GozNym.

GozNym Banking Trojan – Distribution

Even though the Trojan is extremely effective, its spread may only be limited to targeted institutions, because banks and other e-payment vendors have strengthened their core security, pushing cyber-criminals to focus on other e-payment and online financing institutions. In fact, this particular Trojan has reported attacking institutions primarily located in North America, Europe, and South America.

Related article
Cyber Criminals Have New Targets – Online Payment Systems

The methods of the Trojan spreading may vary. The most widely used method to spread the Trojan is via an Exploit kit. In fact, malware researchers have reported it to infect over million devices via an executable, containing the infamous BlackHole exploit kit, first appeared in 2012.

GozNym Banking Trojan In Detail

Researchers at IBM X-Force report that to successfully infect user PCs, this Trojan uses the dual code, part of which is Gozi IFSB’s code and the other part – Nymaim’s Loader. This is particularly interesting because it contains different functions from both the malware codes. It is convenient because every time the Gozi IFSB portion of the malware requests a function or a feature from Nymaim Trojan.

The way this hybrid works is via intermediary “call” type of codes. One of them reported by IBM researchers is used every time GozNym IFSB wants to use a feature of Nymaim:


The difference between the old Gozi IFSB’s is that instead of a .DLL file which is reported to have been 150KB, the new GozNym hybrid directly injects code into the browser which contains its buffer. This code is around 50 KB in size. But not only this, but the buffer also contains portions of Nymaim’s code.

Conclusion and Removal of GozNym

The bottom line for this Trojan is that it is extremely powerful and effective and can steal the financial data of an infected device without the users noticing it. The removal of GozNym is a very tricky process, because, in order to remove something, it has to be detected first. For both of those to happen, it is required to have an advanced anti-malware software which will stop the malware in the first place. Not only this, but the removal of GozNym requires specific actions, for different systems.

For Windows systems, we recommend following the below-mentioned instructions.

1. Boot Your PC In Safe Mode to isolate and remove GozNym
2. Remove GozNym with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections by GozNym in the future
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the GozNym threat: Manual removal of GozNym requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share