New Hybrid Malware Targets Banks
Posted by: Timothy Weaver on 04/14/2016 09:52 AM
[
Comments
]
There is a new hybrid trojan that is a cross between Nymaim dropper and the Gozi financial malware that researchers at IBM Security have dubbed"GozNym".
Nymaim is known as a ransomware product that has been used to deliver ransomware, including its own police-themed screen locker, which blocks computers and instructs victims to pay a “fine”.
Andrew Komarov, chief intelligence officer at InfoArmor, said: “We know that Gozi is still very active in the underground, and even some of its authors are actively being investigated by law enforcement agencies. They have changed their model and sell some specific modules to different malware projects. You may see posts about ‘Gozi for rent’ for $400 per week, supporting WEB-injects for Chrome, IE, Firefox, and have modules similar to well-known online banking Trojans like Zeus and SpyEye (VNC, keylogger – used for successful online-banking theft).”
The threats were combined into a single piece of malware in early April, with Nymaim being launched in the first stage of deployment and the Gozi ISFB component in the second stage.
Limor Kessem, executive security advisor at IBM, explained: “The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers."
The GozNym sample analyzed by IBM is currently detected by most major antivirus vendors based on its signature.
Source: Security Week
Nymaim is known as a ransomware product that has been used to deliver ransomware, including its own police-themed screen locker, which blocks computers and instructs victims to pay a “fine”.
Andrew Komarov, chief intelligence officer at InfoArmor, said: “We know that Gozi is still very active in the underground, and even some of its authors are actively being investigated by law enforcement agencies. They have changed their model and sell some specific modules to different malware projects. You may see posts about ‘Gozi for rent’ for $400 per week, supporting WEB-injects for Chrome, IE, Firefox, and have modules similar to well-known online banking Trojans like Zeus and SpyEye (VNC, keylogger – used for successful online-banking theft).”
The threats were combined into a single piece of malware in early April, with Nymaim being launched in the first stage of deployment and the Gozi ISFB component in the second stage.
Limor Kessem, executive security advisor at IBM, explained: “The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers."
The GozNym sample analyzed by IBM is currently detected by most major antivirus vendors based on its signature.
Source: Security Week
Comments
