Cybercrime Group Behind GozNym Banking Malware Busted For Stealing $100 Million

by Sunny Hoi

Europol and the U.S. Justice Department have dismantled a sophisticated, well-structured global cybercrime network responsible for stealing an estimated $100 million using the GozNym banking malware.

In a press conference on Thursday in The Hague, Europol said ten defendants in five countries are accused of utilizing the banking malware to steal money from over 41,000 victims across the globe, the majority of which were businesses and financial institutions.

GozNym is a stealthy and sophisticated piece of malware, created by combining two potent strains, Gozi ISFB and Nymaim. Gozi serves as the web-injection module that hooks into the web browser, allowing the cybercriminals to steal sensitive account credentials, whereas Nymaim is a dropper that infects systems through exploit kits delivered via malicious emails or links.

Ten members of the network have been charged with conspiracy to commit computer fraud, money laundering via US and foreign bank accounts, and conspiracy to commit wire and bank fraud.

Five defendants were detained in Georgia, Moldova, Ukraine and Russia, while the remaining five Russian nationals are on the run and wanted by the Federal Bureau of Investigation (FBI).

Europol, which collaborated with international law enforcement agencies, asserts that the cybercriminals were highly functional and organized. They used their technical skills and various criminal services to recruit accomplices, carry out phishing attacks, launder their money, and encrypt their malware so that anti-virus software would find it increasingly difficult to detect.

Although the victims were not named, the Justice Department said that at least eleven US businesses, including a casino, two law firms, and a church, were victims of the GozNym banking malware. GozNym was designed to attack financial institutions.

Prosecutors said the cybercrime group behind GozNym operated through, and received bulletproof hosting services from, an administrator of the Avalanche network of compromised systems, who was arrested in Ukraine in November 2016.