GozNym banking malware is considered one of the most dangerous threats to the banking industry, experts estimated it allowed to steal nearly $100 million from over 41,000 victims across the globe for years.
“An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network.” reads the press release published by the Europol. “The criminal network used GozNym malware in an attempt to steal an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions.”
The GozNym banking malware was first spotted in April 2015 by researchers from the IBM X-Force Research, it combines the best features of Gozi ISFB and Nymaim malware.
The GozNym has been seen targeting banking institutions, credit unions, and retail banks. Among the victims of the GozNym Trojan there are 24 financial institutions in North America and organizations in Europe, including a Polish webmail service providers, investment banking and consumer accounts at 17 banks in Poland and one bank in Portugal.
Now the Europol announced the unprecedented, international law enforcement operation that allowed to dismantled the complex, globally operating and organised cybercrime network.
Europol with the help of law enforcement agencies from Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States identified and 10 individuals alleged members of the GozNym network.
5 defendants were arrested during several coordinated searches conducted in Bulgaria, Georgia, Moldova, and Ukraine, the remaining ones are Russians citizens and are still on the run, including the expert who developed the banking malware.
The cybercrime organization has been described by the Europol as a highly specialised and international criminal network.
One of the members that encrypted GozNym malware to avoid detection by security solutions, was arrested and is being prosecuted in the Republic of Moldova.
Operators behind the GozNym malware used the Avalanche network to spread the malware.
“Bulletproof hosting services were provided to the GozNym criminal network by an administrator of the “Avalanche” network. The Avalanche network provided services to more than 200 cybercriminals, and hosted more than twenty different malware campaigns, including GozNym.” continues the press release published by Europol. Through the coordinated efforts being announced today, this alleged cybercriminal is now facing prosecution in Ukraine for his role in providing bulletproof hosting services to the GozNym criminal network. The prosecution will be conducted by the Prosecutor General’s Office of Ukraine and the National Police of Ukraine.“
The members of the gang used banking malware to infect victims’ computers and steal their online banking credentials.
“A criminal Indictment returned by a federal grand jury in Pittsburgh, USA charges ten members of the GozNym criminal network with conspiracy to commit the following:
The defendants are well known on Russian underground, they advertised their specialized technical skills and services in Russian-speaking online criminal forums. Through these forums the leader of the GozNym network recruited them.
“The leader of the GozNym criminal network, along with his technical assistant, are being prosecuted in Georgia by the Prosecutor’s Office of Georgia and the Ministry of Internal Affairs of Georgia.” continues the Europol.
Below the advisory published by the FBI:
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – GozNym, malware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.