Banking malware GozNym, which first emerged in the U.S., has infected as many as 13 banks and their subsidiaries in Germany. GozNym has caused a stir in the banking sector, and rightly so: it is quite alarming when a Trojan goes on a rampage and infects as many as 13 banks. Researchers from IBM X-Force first discovered this malware in the US market in April 2016. Since then it has spread to other markets in Europe and now to Germany. GozNym is a rare hybrid Trojan combining elements of the powerful Nymaim Trojan with the Gozi ISFB source code. It has been successfully used to steal “millions of dollars” from US banks and credit unions.
It works the same old way, targeting customers instead of bank servers. The Trojan uses a redirection attack that sends the target to a phishing website that mimics the original banking page. The attackers steal the victim’s banking credentials in real time, test them against the bank’s genuine website and initiate a fraudulent money transfer out of the account. Meanwhile the victim is kept busy on the fake website, where the attackers push social engineering notifications that lead them to divulge personally identifiable information (PII) and two-factor authentication elements.
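The redirection described above lands the customer on a lookalike page instead of the bank’s own site. The following is an added example (not code from the article or from IBM X-Force) of two checks a defender can run on a customer machine or in a fraud team’s URL triage: flagging a local hosts-file override that pins a banking hostname to an address outside the bank’s own ranges, and spotting hostnames that imitate the bank’s domain. The banking hostnames, the address ranges and the hosts-file lines are all constructed sample values; the assumption that a redirection works by re-pointing or proxying the bank’s hostname is a simplification for the example, not a description of GozNym’s internals.

```python
"""Defender-side checks for a redirect-to-lookalike banking attack.

Added example, not part of the original article. All hostnames, address
ranges and the hosts-file content below are constructed sample values.
"""
import ipaddress
from typing import List, Optional, Tuple

# Hypothetical genuine banking hostnames the institution would publish.
BANK_HOSTS = {"onlinebanking.example-bank.de", "login.example-bank.de"}

# Address range the bank legitimately serves from (constructed, TEST-NET-3).
BANK_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed hosts file: a comment, a normal entry, one banking host pinned
# to a bank-owned address, and one pinned to an address the bank does not own.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1      localhost
203.0.113.10   login.example-bank.de
198.51.100.7   onlinebanking.example-bank.de   # foreign address
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            pairs.append((parts[0], name.lower()))
    return pairs


def find_bank_overrides(text: str) -> List[Tuple[str, str]]:
    """Flag hosts entries that send a banking hostname somewhere the bank
    does not control. A customer machine has no legitimate reason to carry
    a hosts override for a bank domain, so every hit is worth investigating."""
    hits = []
    for ip, name in parse_hosts(text):
        if name not in BANK_HOSTS:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((ip, name))  # unparsable address is suspicious too
            continue
        if not any(addr in net for net in BANK_NETS):
            hits.append((ip, name))
    return hits


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squats and digit/letter swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a hostname (e.g. example-bank.de). Assumption: a
    two-label registrable domain; a real deployment would use the public
    suffix list instead."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


BANK_REGISTRABLE = {registrable(h) for h in BANK_HOSTS}


def lookalike_of(host: str, max_distance: int = 2) -> Optional[str]:
    """Return the genuine bank domain that `host` imitates, or None if the
    host is genuine or unrelated. Two tricks are covered: a registrable
    domain within a small edit distance of the bank's (examp1e-bank.de), and
    the bank's name buried in a subdomain of an unrelated domain."""
    host = host.lower().strip(".")
    if host in BANK_HOSTS or registrable(host) in BANK_REGISTRABLE:
        return None
    for genuine in BANK_REGISTRABLE:
        if edit_distance(registrable(host), genuine) <= max_distance:
            return genuine
        brand = genuine.split(".")[0]
        if brand in host:
            return genuine
    return None


if __name__ == "__main__":
    print("hosts overrides:", find_bank_overrides(SAMPLE_HOSTS))
    for h in ["login.example-bank.de", "onlinebanking.examp1e-bank.de",
              "login.example-bank.de.secure-login.net", "www.unrelated.org"]:
        print(h, "->", lookalike_of(h))
```

Run as a script it prints the single foreign-address override and the two lookalike hostnames; neither check is a substitute for the bank verifying sessions server-side, but both are cheap signals a support desk or endpoint agent can act on before a transfer is initiated.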
Banking malware GozNym is a serious threat. No matter how good a bank’s security apparatus is, this hybrid Trojan poses a real risk of fraud, because it does not target the bank’s servers but the customer. According to experts, GozNym is an evolving malware project on the scale of other banking Trojans such as Neverquest and Dridex. The malware presently comprises an exploit kit dropper, web injection capabilities, anti-VM checks, encryption and control flow obfuscation, which together make it very powerful and hard to detect.
The bank should send out an advisory to its customers on the precautionary steps they should take against GozNym. Users must keep their devices’ operating systems up to date at all times, update frequently used programs and delete applications they no longer use. Users should also use ad blockers to disable ads and avoid dubious sites that are typically used as infection hubs. Never click on links or attachments in unsolicited emails. Users should never enter their online banking credentials on any page while using public WiFi.