Two powerful Trojan viruses, identified as Gozi ISFB and Nymaim, have been blended together to produce a monster known as GozNym. The program has stolen more than 3 million dollars since it was initially spotted fourteen days ago.
Researchers at IBM’s security division identified the hybrid Trojan and stated that it is presently installed in, or working its way through, the banking system. The virus can be found in more than 50 percent of the machines present in commercial financial institutions, credit unions, and microfinance banks. GozNym is, without a doubt, an extremely stealthy Trojan that incorporates the very best of both of the Trojans mentioned above.
GozNym is primarily being distributed through emails carrying attachments that contain malicious macros. Once a machine is infected, the attackers control the target’s web browser, steal credentials, and move funds from the victim’s accounts to wherever they want. Blending Trojans in this way is not uncommon. For example, last year’s banking Trojan, called Shifu, was an assortment of several malware programs such as Dridex, Shiz, Zeus as well as Gozi. Additionally, like Shifu, GozNym can be described as a Shifu in its own right (Shifu means ‘master’ in Mandarin Chinese).
The virus is a powerful patchwork in which the two programs depend on each other to execute the malware’s central functions. The two codebases function far more efficiently when working together. GozNym uses Nymaim’s two-stage malware dropper to infect a machine. Once it infiltrates a PC, the Nymaim part of the hybrid starts to retrieve Gozi ISFB components, which are able to inject a malicious dynamic-link library (DLL), as reported by the experts.
Previous variations of Nymaim already retrieved Gozi ISFB’s financial module and injected it as a DLL directly into the infected target’s browser, which made web injections feasible for internet banking websites. The first combined version of this hybrid, however, was discovered at the start of this month.
As for the roots of Gozi ISFB and Nymaim, Gozi ISFB has been associated with internet banking attacks as early as 2007, and was famous for its ability to steal secured information using sophisticated Winsock2 features.
The Nymaim Trojan, by contrast, was initially noticed three years ago and was labeled as ransomware. As reported by IBM, the source code of both Trojans was leaked, enabling a programmer to blend the two and develop what we now know as GozNym.
If you would like to read about the Trojan in more detail, please visit IBM.
This Article (A Monster Trojan Is Taking Over The Banking World And Cleaning Your Bank Accounts) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.