Petronella Blog Archive

Visit our New Blog

$4 Million Stolen with New Malware

Blog Post

In the first couple days of April, hackers were able to use a new form of malware to steal an estimated $4 million dollars by targeting the business customers of banks in the United States and Canada. Credit Unions, e-commerce sites, and 22 banks in the US along with two financial institutions in Canada were hit.

The cyber gang appear to be using a hybrid Trojan that combines aspects of both the Nymaim and Gozi malware. Once in a system, not only is it capable of stealing financial data, it can also take screenshots that are sent to the hackers, who then transfer money out of the account using that information.

Many firms have incorrectly identified the nature of these attacks, attributing them to Gozi even though Nymaim was run first before it fetched Gozi. Combining these two allows GozNym to effectively evade antivirus software while at the same time using web injections to alter a victim’s bank account to mask any transfers the attackers make.

GozNym has pretty typical means of distribution via both malicious links and attachments in phishing emails. This is another example of why simulated phishing attacks are a good idea in order to get employees familiar with tactics scammers use in order to recognize attacks when they happen. If you think that you or your business might be at risk, contact us for a consultation.