IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its source code with part of the Gozi ISFB source code, creating a combination that is being actively used in attacks against more than 24 U.S. and Canadian banks, stealing millions of dollars so far. X-Force named this new hybrid GozNym. The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers. The end result is a new banking Trojan in the wild.
There are currently no families associated with this actor.
|2019-05-16 ⋅ Europol ⋅ |
GOZNYM MALWARE: CYBERCRIMINAL NETWORK DISMANTLED IN INTERNATIONAL OPERATION
|2016-08-23 ⋅ Threatpost ⋅ |
GozNym Banking Trojan Targeting German Banks
|2016-04-25 ⋅ Threat Post ⋅ |
Attackers Behind GozNym Trojan Set Sights on Europe
|2016-04-14 ⋅ SecurityIntelligence ⋅ |
Meet GozNym: The Banking Malware Offspring of Gozi ISFB and Nymaim
ISFB Nymaim GozNym