GozNym Malware is Expert in German, Demonstrated by New Malicious Campaign

GozNym banking malware, the Trojan hybrid that was discovered in the beginning of April by IBM X-Force, is continuing increasing its activity in Europe against banks. In recent times, the team of X-Force discovered the redirection attacks that were launched by crews of GozNym in Germany, targeting 13 banks and its local subsidiaries.

The new schemes of redirection come additionally to attacks based on webinjection for all targeted brands, which demonstrates the significant investment by GozNym in German-language attack capabilities.

IBM X-Force posted a blog stating that GozNym was founded doing launching of redirection attacks against customers of infected German banks, by sending those customers to the malicious websites that pretend to be like the legitimate sites of bank, and then tricking them to disclose their credentials. The team of X-Force observed that redirection schemes "come in addition to web injection-based attacks for all the targeted brands".

It is obvious looking at the timeline of GozNym, the gang which is operating malware has resources as well as savvy for deploying sophisticated tactics of cybercrime against the banks. Securityintelligence.com posted on August 23rd, 2016, stating that the project has been extremely active and growing fast, making it possible to spread to more countries over the period of time.

Dyre gang, the original contriver of malware redirection attacks, just manages in deploying them to Spain as well as English-speaking countries. The operators of GozNym already have 3 different geographies under attack - in 3 different languages, as well as in countries with diverse banking systems.

With the recent GozNym Trojan alongwith schemes of fresh attack that are added to malware in last few months, it was quite clear that the attacks of GozNym are evolving rapidly, turning it into a serious player in the financial threat landscape. Research of IBM X-Force expects to observe further increase in attacks of GozNym in coming weeks, along with growth of redirection attacks to more banks in near future.

Users can prevent infections by malware on its endpoints by ensuring that its operating systems are updated, updating programs which are often used, as well as deleting programs which are not in use. Additionally, sites usually used as the infection hubs must be avoided.

You should make sure to never click on the links or open any attachments in the unsolicited email. Moreover, users should avoid accessing their private accounts from the public computers.

» SPAMfighter News - 8/29/2016