GozNym Malware Has Stolen $4 Million From Users' Bank Accounts

When the average person finds their computer is infected with malware, the impact can range from a minor annoyance to something they need a little extra help to fix. Sometimes, however, an infection can cost millions of dollars. A newly discovered piece of malware has managed to steal roughly $4 million from users over a short period of time.


The new malware is called GozNym, and it isn't holding banks hostage like others we've seen. Instead, it's being used to target individuals who have access to business accounts at major banks. The malware typically arrives as an email attachment or a link. The user is given no indication that anything has happened, because it lies dormant on the system and waits.

When the infected computer is used to access a bank account, that's when it springs to life. It uses a combination of methods for capturing information about the account. This includes taking screenshots and recording keystrokes.

The user is still given no indication that anything malicious is happening at this time. No animated skull and crossbones will give them a warning. Instead, their account information is passed back to the malware's creator, and money is transferred out of the account at some point in the future.


What's interesting, if you pay much attention to the malware world, is that GozNym is actually a hybrid composed of two existing pieces of software: Gozi ISFB, which has been around since 2010, and Nymaim, whose code has been used primarily for ransomware. If you're interested in reading more about how these two have come together, along with an in-depth analysis of the code, check out the breakdown done by Security Intelligence.

Aside from keeping a good malware detector on your system, the usual rules apply for staying safe from these types of attacks. Since it is most commonly transmitted via email, don't open links or attachments that don't come from explicitly trusted sources. And even if you appear to know the sender, don't blindly open attachments and links if you aren't actually expecting something of that nature from the person or company.
