Menu
GozNym Trojan turns its sight on business accounts at major US banks

GozNym Trojan turns its sight on business accounts at major US banks

The malware redirects victims to perfect replicas of online banking websites

A hybrid Trojan program created for financial fraud has started redirecting users of four large U.S. banks to rogue websites in order to hijack their accounts.

GozNym is a relatively new threat, first discovered in April, and is based on the Nymaim malware dropper and the Gozi banking Trojan. Like most banking Trojans, GozNym can inject rogue code into banking websites displayed in local browsers in order to steal credentials and other sensitive information.

However, in addition to this old technique, the cybercrime gang behind it has also built the necessary infrastructure to host rogue copies of banking websites, and they've started to redirect victims there.

GozNym used this redirection method two months ago against users of several banking websites from Poland. However, according to researchers from IBM's X-Force team, its authors have recently launched similar attacks against the online business banking services of four large U.S. banks.

First, the Trojan redirects the victim to the fake version of the site hosted on the attackers' infrastructure, and it then temporarily displays a white overlay over the page. This unusual masking trick might be intended to distract the users and to make them believe that the page is harmless.

The fake sites are perfect replicas of the real ones. The malware uses some technical tricks locally to keep the bank's real URL in the address bar and even the SSL certificate.

Once users input their credentials into the fake website, the credentials are tested in real-time against the bank's genuine website. If they work, the attackers initiate fraudulent money transfers out of the victim's account.

"Moreover, the victim is kept on the fake website, where the attacker can push social engineering notifications to them, making them divulge personally identifiable information and two-factor authentication elements," the IBM X-Force researchers said in a blog post.

Despite being new, GozNym is quickly gaining ground in the cybercrime arena, currently ranking fifth for banking Trojan activity in 2016. The IBM researchers expect that after this testing period, its creators will add more U.S. banking websites to the rogue redirection list. The researchers didn't name the original banks targeted.

In addition to the usual security recommendations of keeping software up to date, running an antivirus program, and being wary of email attachments, employees in charge of finances inside companies should try to use dedicated computers to access bank accounts and operate financial transactions. These computers shouldn't be used for other tasks like general browsing and email.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments