Menu
GozNym Trojan turns its sight on business accounts at major US banks

GozNym Trojan turns its sight on business accounts at major US banks

The malware redirects victims to perfect replicas of online banking websites

A hybrid Trojan program created for financial fraud has started redirecting users of four large U.S. banks to rogue websites in order to hijack their accounts.

GozNym is a relatively new threat, first discovered in April, and is based on the Nymaim malware dropper and the Gozi banking Trojan. Like most banking Trojans, GozNym can inject rogue code into banking websites displayed in local browsers in order to steal credentials and other sensitive information.

However, in addition to this old technique, the cybercrime gang behind it has also built the necessary infrastructure to host rogue copies of banking websites, and they've started to redirect victims there.

GozNym used this redirection method two months ago against users of several banking websites from Poland. However, according to researchers from IBM's X-Force team, its authors have recently launched similar attacks against the online business banking services of four large U.S. banks.

First, the Trojan redirects the victim to the fake version of the site hosted on the attackers' infrastructure, and it then temporarily displays a white overlay over the page. This unusual masking trick might be intended to distract the users and to make them believe that the page is harmless.

The fake sites are perfect replicas of the real ones. The malware uses some technical tricks locally to keep the bank's real URL in the address bar and even the SSL certificate.

Once users input their credentials into the fake website, the credentials are tested in real-time against the bank's genuine website. If they work, the attackers initiate fraudulent money transfers out of the victim's account.

"Moreover, the victim is kept on the fake website, where the attacker can push social engineering notifications to them, making them divulge personally identifiable information and two-factor authentication elements," the IBM X-Force researchers said in a blog post.

Despite being new, GozNym is quickly gaining ground in the cybercrime arena, currently ranking fifth for banking Trojan activity in 2016. The IBM researchers expect that after this testing period, its creators will add more U.S. banking websites to the rogue redirection list. The researchers didn't name the original banks targeted.

In addition to the usual security recommendations of keeping software up to date, running an antivirus program, and being wary of email attachments, employees in charge of finances inside companies should try to use dedicated computers to access bank accounts and operate financial transactions. These computers shouldn't be used for other tasks like general browsing and email.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments