A Monster Trojan Is Taking Over The Banking World And Cleaning Your Bank Accounts


Two powerful Trojan viruses, identified as Gozi ISFB and Nymaim, have been blended together to produce a monster known as GozNym. The program has stolen more than 3 million dollars since it was initially spotted fourteen days ago.


Researchers at IBM’s security division identified the hybrid Trojan and stated that it is presently installed in, or working its way through, the banking system. The virus can be found in more than 50 percent of the machines present in commercial financial institutions, credit unions, and microfinance banks. GozNym is, without a doubt, an extremely stealthy Trojan that incorporates the very best of both of the Trojans mentioned above.

Image Source: Security Intelligence – A figure showing the Trojan’s target market, mainly in the United States.

Furthermore, GozNym is primarily distributed through emails carrying attachments with malicious macros. Once a machine is infected, the attackers control the target’s web browser, steal credentials and move funds from the victim’s accounts to wherever they want. This blending of Trojans is not uncommon and is a familiar sight in the security community. For example, last year’s banking Trojan, called Shifu, was an assortment of several malware programs such as Dridex, Shiz, Zeus as well as Gozi. Additionally, like Shifu, GozNym can be described as a Shifu in its own right (Shifu means ‘master’ in Mandarin Chinese).

Image Source: Security Intelligence – A blogger’s research data on distribution via the Blackhole kit.

The virus is a powerful patchwork in which the two programs depend on each other to execute the malware’s central functions. The two codebases function a lot more efficiently when working together. GozNym uses Nymaim’s two-stage malware dropper to infect a machine. Once it infiltrates a PC, the Nymaim part of the hybrid starts to fetch Gozi ISFB components, which can inject a malicious dynamic-link library (DLL), as reported by the experts.

Image Source: Security Intelligence – A chart showing the original Gozi ISFB DLL that used to be fetched by Nymaim.

Previous variants of Nymaim, however, used to fetch Gozi ISFB’s financial module and inject it as a DLL directly into the infected target’s browser, which made web injections possible on internet banking websites. The first combined version of this hybrid was discovered at the start of this month.

Image Source: Security Intelligence – A chart showing how the new Goznym works.

As for the roots of Gozi ISFB and Nymaim, the former has been associated with internet banking attacks since as early as 2007, and was known for its ability to take secured information using sophisticated Winsock2 features.


The Nymaim Trojan, by contrast, was first noticed three years ago and was labeled as ransomware. As reported by IBM, both Trojans had their source code leaked, which enabled a programmer to blend them and develop what we now know as GozNym.

If you would like to read about the Trojan in more detail, please visit IBM.

Source: Softpedia News, Security Intelligence




This Article (A Monster Trojan Is Taking Over The Banking World And Cleaning Your Bank Accounts) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.


9 COMMENTS

  1. EXACTLY. Nice article but if you aren’t going to share with the average bear how to combat this or avoid it then the article is for hype sake only!!! Just trying to pass the scare around. That is not good. Makes me question this site now.

  2. The average man would stop dressing up his credit union in silly outfits. CUSTOMERS on the other hand should know to bank at an FDIC certified and insured place.

  3. The reason no remedy is being shared is that this article is a copy of the article IBM is using to try to sell security services to banks and other financial institutions.
    It should be noted, this website is NOT Anonymous, the hacker group, it is a for profit enterprise that uses click-bait just like other “news sources.”

  4. This is all 100% preplanned by the central banker globalists aa New World Order as another (Problem – Reaction – Solution) strategy. They create the bank virus and let it loose, watch society crash and step in with a magical solution. The only catch? We lose most of our freedoms and liberties.

  5. As a customer this article gives me awareness and the right to ask my bank what measurements are they taking to protect my money, on the other hand, I do not have the power to stop this malware. However, this article is a warning for the banks. For them to update their systems so they can protect our money. As far as this article being a promotion done by the IBM – so what! Let it be, at least they are the ones doing something about it.

