Pierluigi Paganini December 23, 2019

U.S. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison.

U.S. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison.

The crooks infected more than 4,000 victim computers globally with GozNym banking Trojan between 2015 and 2016, most of the victims were in the United States and Europe. According to the authorities, the gang stole nearly $100 million from the banking accounts of over 41,000 victims across the globe for years.

In May, a joint effort by international law enforcement agencies from 6 different countries has dismantled the crime gang behind the GozNym banking malware.

The GozNym banking malware was first spotted in April 2015 by researchers from the  IBM X-Force Research, it combines the best features of Gozi ISFB and Nymaim malware.

The GozNym has been seen targeting banking institutions, credit unions, and retail banks. Among the victims of the GozNym Trojan there are 24 financial institutions in North America and organizations in Europe, including Polish webmail service providers, investment banking and consumer accounts at 17 banks in Poland and one bank in Portugal.

Europol with the help of law enforcement agencies from Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States identified and 10 individuals alleged members of the GozNym network.

5 defendants were arrested during several coordinated searches conducted in Bulgaria, Georgia, Moldova, and Ukraine, the remaining ones are Russians citizens and are still on the run, including the expert who developed the banking malware.

The cybercrime organization was described by the Europol as a highly specialised and international criminal network.

Operators behind the GozNym malware used the Avalanche network to spread the malware.

On Friday, in a federal court in Pittsburgh, the member of the gang Krasimir Nikolov (47) was sentenced to a period of time served after having served over 39 months in prison for his role as an “account takeover specialist” in the scheme, and will now be transferred to Bulgaria.

Nikolov was arrested in September 2016 in Bulgaria, local authorities extradited to Pittsburgh in December 2016 to face federal charges of criminal conspiracy, computer fraud, and bank fraud.

“A resident of Varna, Bulgaria, was sentenced on December 16, 2019, in federal court in Pittsburgh to a period of time served after having served more than 39 months in prison following his conviction on charges of criminal conspiracy, computer fraud, and bank fraud for his role as a member of the GozNym malware cybercrime network, United States Attorney Scott W. Brady announced today.” reads the press release published by the DoJ.

“United States District Judge Nora Barry Fischer imposed the sentence on Krasimir Nikolov, 47, of Bulgaria. Nikolov will be transferred into U.S. Immigration and Customs Enforcement custody and removed from the United States to Bulgaria.”

Nikolov used stolen online banking credentials gathered by the GozNym Trojan to access victims’ online bank accounts and make fraudulent electronic transfers into bank accounts controlled by fellow conspirators.

Another two members of the gang that were arrested in Georgia, Alexander Konovolov and Marat Kazandjian, have been sentenced on Friday to seven and five years of imprisonment, respectively.

Konovolov was a leader of the GozNym network while Kazandjian was his primary assistant and technical administrator.

“The FBI will not allow cyber criminals from any country to operate with impunity,” said FBI Pittsburgh Special Agent in Charge Robert Jones. “For years, these cyber criminals believed they could steal millions from innocent victims. Through international cooperation with multiple agencies, we were able to target, takedown and bring to justice members of this criminal enterprise. We will continue to relentlessly pursue these cyber criminals who think they can conduct illicit activity from behind the perceived anonymity of a computer.”

Pierluigi Paganini

(SecurityAffairs – GozNym, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]