The hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a Trojan both persistent and powerful, according to a report from IBM’s X-Force branch. Numerous credit unions and popular e-commerce platforms were also said to have been targeted.
Another source with knowledge of the malware, who asked to remain anonymous, said GozNym was also active in Asia and Europe but appeared to target US banks with overseas operations. The source said the attackers had reverted to just using Nymaim. IBM said GozNym had also popped up in Poland.
Other hackers have been trying to monetise the Gozi malware leak. Russian intelligence firm Group-IB said earlier this year it saw the source code of Gozi ISFB for sale on an underground forum.
A strain of Gozi ISFB was causing trouble in Switzerland in February. The country’s Computer Emergency Response Team warned that criminals had compromised a major advertising network, which led to the infection of anyone visiting sites serving malicious ads.
Cybercriminals often adopt and adapt leaked malware to make their attacks more effective. Whilst technology can assist in stopping organized digital criminals, arrests are required to cut off attacks.