Skip to main content

New malware GozNym is stealing millions from U.S. bank account holders

microsoft security intelligence report 2016 online piracy
Mopic / Shutterstock
Hiding your money under your mattress may seem like an antiquated idea, but it may be the only way to stop a new hybrid malware monster that is attacking American and Canadian bank accounts. Known as GozNym, the malicious code actually combines two already powerful viruses known as Nymaim and Gozi. The resulting Trojan is as ruthless as it is resilient, and it has already been used to steal $4 million from over 24 U.S. and Canadian banks.

According to the IBM X-Force Research team that first uncovered this dangerous new weapon, which is being wielded by Eastern European hackers, GozNym takes the worst of each of its “parents.” “From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers,” the IBM team writes. “The end result is a new banking Trojan in the wild.”

GozNym was first unleashed in early April, and has already inflicted considerable damage. It is unclear as of yet as to how many customers thus far have been affected, but the worst doesn’t appear to be over quite yet. IBM says that “GozNym’s operators’ top target is business accounts.” 50 percent of the attacks have been banking and credit unions, and another 17 percent of victims are retail banks.

This malware is particularly dangerous because it targets the actual consumer. Essentially, GozNym sneaks its way into a computer when an account holder clicks on email attachments or links, and then stays dormant until the user logs on to his or her bank account. Once this happens, GozNym really goes to work, stealing and sending information to hackers. “It all happens without the user seeing anything,” Etay Maor, executive security adviser at IBM Security tells the Wall Street Journal.

“To help stop threats like GozNym, banks and service providers can use adaptive malware detection solutions and protect customer endpoints with malware intelligence,” IBM notes. These tools could provide “real-time insight into fraudster techniques and capabilities, designed to address the relentless evolution of the threat landscape.”

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Rocket Lab given go-ahead to launch rockets from U.S. soil
rocket lab achieves first launch since july mission failure  aug 2020

Rocket Lab has been granted a launch operator license by the Federal Aviation Administration, paving the way for its first mission from U.S. soil at Wallops Island, Virginia.

Up to now, the private spaceflight company has been launching from a site in New Zealand, but the permission granted by the FAA will enable Rocket Lab to increase its frequency of launches and serve more customers, including U.S. government agencies that would rather launch from American soil.

Read more
Trump says he’ll ban TikTok from the U.S.
Trump stylized image

President Donald Trump said he will ban the popular video app TikTok from operating in the U.S. -- and do it as early as Saturday.

Trump told reporters aboard Air Force One Friday evening that he will use emergency powers or an executive order to block the app, according to The Hill. “As far as TikTok is concerned, we’re banning them from the United States,” he told reporters. "I have that authority."

Read more
U.S. indicts Chinese hackers for stealing coronavirus vaccine research
A digital depiction of a laptop being hacked by a hacker.

Chinese hackers targeted U.S. biotech firms working on coronavirus vaccines and treatments, and other companies around the globe, according to U.S. prosecutors. 

The United States Department of Justice (DOJ) charged two hackers on Tuesday, July 21, for breaking into companies for their own profit, as well as at the behest of a Chinese civilian spy agency. The indictment states that the two “researched vulnerabilities in the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology.”

Read more