International Investigations Dismantle Network Behind GozNym Bank Malware


Investigative services from several European countries have taken action against a gang of malware distributors. The group used the GozNym banking Trojan to steal more than $100 million from more than 41,000 victims. The malware mainly affected companies and banks.

Investigative services from several Eastern European countries, including Bulgaria, Moldova and Ukraine, took part in the action, as did Germany, the United States and Georgia. The operation was coordinated by Europol, which provided details this afternoon. Ten of the suspects are being charged in Georgia, Ukraine, Moldova and the United States for creating the malware. In Germany, two suspects are also charged with laundering the loot, and five suspects are still on the run; according to Europol, they come from Russia.

The gang had developed its own malware, known as GozNym, which has been active since 2016. The name is a contraction of the two malware families from which GozNym is derived: Nymaim, which infects computers via an exploit kit, and Gozi, which can steal credentials via the browser. The malware was mainly used to steal victims’ bank details. The source code of both of those existing viruses leaked years ago. The malware also had various encryption techniques on board to evade detection by virus scanners.

The leader of the gang offered the malware as a service on the Internet. He recruited several gang members on Russian forums, who helped him further develop the malware. Buyers of the malware distributed it on a large scale and managed to infect more than 41,000 victims, according to Europol. Infections were through drive-by downloads and through attachments in phishing emails.

The investigation began as early as November 2016, according to Europol, when German authorities took offline a hosting provider in Ukraine that was being used to host more than 20 malware command-and-control servers, including GozNym’s.