New malware GozNym is stealing millions from U.S. bank account holders

Hiding your money under your mattress may seem like an antiquated idea, but it may be the only way to stop a new hybrid malware monster that is attacking American and Canadian bank accounts. Known as GozNym, the malicious code actually combines two already powerful viruses known as Nymaim and Gozi. The resulting Trojan is as ruthless as it is resilient, and it has already been used to steal $4 million from over 24 U.S. and Canadian banks.

According to the IBM X-Force Research team that first uncovered this dangerous new weapon, which is being wielded by Eastern European hackers, GozNym takes the worst of each of its “parents.” “From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers,” the IBM team writes. “The end result is a new banking Trojan in the wild.”

GozNym was first unleashed in early April, and has already inflicted considerable damage. It is unclear as of yet as to how many customers thus far have been affected, but the worst doesn’t appear to be over quite yet. IBM says that “GozNym’s operators’ top target is business accounts.” 50 percent of the attacks have been banking and credit unions, and another 17 percent of victims are retail banks.

This malware is particularly dangerous because it targets the actual consumer. Essentially, GozNym sneaks its way into a computer when an account holder clicks on email attachments or links, and then stays dormant until the user logs on to his or her bank account. Once this happens, GozNym really goes to work, stealing and sending information to hackers. “It all happens without the user seeing anything,” Etay Maor, executive security adviser at IBM Security tells the Wall Street Journal.

“To help stop threats like GozNym, banks and service providers can use adaptive malware detection solutions and protect customer endpoints with malware intelligence,” IBM notes. These tools could provide “real-time insight into fraudster techniques and capabilities, designed to address the relentless evolution of the threat landscape.”

Leave a Reply

Captcha image