April 15, 2016

Banking Trojans Combine to Siphon $4 Million in a Few Days


A new piece of malware has been discovered by security researchers at IBM and has reportedly stolen $4 million from over 24 U.S. and Canadian banks in a matter of just a few days.

The new ‘chimera’ Trojan is made from a combination of two malware strains, Nymaim and Gozi, which combine to create GozNym.

The new hybrid is a powerful Trojan, putting together the best (or the worst) of both strains of malware. It leverages the stealth and persistence of the Nymaim malware and borrows the Gozi banking Trojan’s capabilities to trigger fraud through infected internet browsers.

Speaking to ThreatPost, Limor Kessem, a cybersecurity expert at IBM’s X-Force Research division, stated:

“GozNym is an extremely stealthy Trojan combining the best of both Nymaim and Gozi ISFB to create a very problematic threat. The attack numbers for GozNym have been extremely high given it’s only been around since April.”

As things stand, the hybrid malware's primary delivery method for its payload is email. The Trojan is embedded within malicious macros in an infected attachment. The attackers have designed the Trojan to manipulate the victim’s browser, steal their credentials, and then transfer money out of their bank accounts.

The combo-malware has already targeted retail banks, popular e-commerce websites, credit unions and banking institutions. IBM researchers have determined that the Trojan is currently engaged in an active campaign with a staggering 72% of its targets.

The breakdown of the hybrid Trojan’s targets is as follows:

  • 28% – Business Banking
  • 27% – Credit Unions
  • 22% – Ecommerce
  • 17% – Retail Banking
  • 6% – Others

Another source, involved in researching the malware at a different company, anonymously told Forbes that the hybrid GozNym Trojan was also discovered in Asia.

A technical description of the Trojan has been detailed by IBM researchers and can be found here.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
