Banker Trojan GozNym Spreading Across Countries through Spam

During recent weeks, users in Poland were being attacked with the banker Trojan called GozNym. Every time GozNym attacks are personalized as the Trojan chooses one particular group of people going online for banking operations thus suggesting the creators of the malware are quite adept at developing localized malicious programs. But GozNym's activity isn't yet saturated, since it's currently targeting users in Germany too.

It is from April 2016 that GozNym is doing the rounds; still dealing with it is proving tough for security researchers. The attackers apply redirection tracks via the system of DNS poisoning so bank customers can get diverted onto a fake website and believing it is their real banking site, they divulge their login particulars.

GozNym has been created via the combination of Gozi and Nymaim malicious programs. At present, the Trojan is attacking customers of thirteen banks as well as their subsidiaries inside Germany, reports Executive Security Advisor Limor Kessem of IBM. As the malware normally executes diversion assaults these are accompanied with 'code inserted into web' attacks as well. Threatpost.com posted this, August 23, 2016.

Tracing the operation of GozNym over time, it's suggestive that the group employing it for attacks possesses the resources as well as knowledge for deploying advanced techniques of cyber-crime vis-à-vis banks. With a high degree of operability and a rapid evolutionary process, the Trojan's possibility of proliferating into more countries is high.

Security researchers attribute eighth rank to GozNym among the greatest of all active financial malware present, proving more capable than other malicious programs that have been into existence much longer like Tinba and Zberp -variants of ZeuS Trojan.

While banks over time have become more knowledgeable about cyber assaults and resultant frauds, users of their own must ensure trustworthiness of incoming e-mails prior to following a web-link else viewing an attachment inside the messages. Banks won't provide security warnings to their online customers until the latter click inside the e-mails for accessing the banking websites; however, not recognizing the fraudulent site or fake attachment is exactly what the cyber-criminals take advantage of to entice the users to give away their credentials.

» SPAMfighter News - 8/30/2016