It’s Back! Infamous Gozi Banking Malware Makes Unwelcome Return
Sputnik/ Vladimir TrefilovTech13:58 09.03.2018Get short URL
Over ten years ago, a new malware – dubbed Gozi – began targeting banks and other financial institutions to steal funds for the malware’s coordinators. A number of arrests were made in the early years of this decade, with the mastermind of the Gozi trojan, Nikita Kuzmin, successfully prosecuted in 2011.
This infamous banking malware has now made a return, and is using the Dark Cloud botnet to evade detection by law enforcement agencies.
Cisco Talos – a cybersecurity and threat intelligence agency – has warned that the trojan’s operators are now running a low-volume, targeted campaign to lure victims.
“Our engineers have discovered that while the Gozi ISFB campaigns are ongoing, the distribution and C2 infrastructure does not appear to stay active for extended periods, making analysis of older campaigns and samples more difficult. The attackers appear to be very quickly moving to new domains and IP addresses, not only for each campaign, but also for individual emails that are part of the same campaign,” a Cisco Talos research paper reads.
READ MORE: Attention! This Data-Stealing Malware Is Built Into Over 40 Android Smartphones
The malware reaches unsuspecting victims via email, typically containing malicious Microsoft Word documents, which, when downloaded, install the malware onto the victim’s device.
Gozi’s original creator was caught and prosecuted, but catching the malware’s current operators is likely to be more difficult, as they are employing new techniques to improve anonymity, as outlined by the below excerpt from the research paper.
“Attackers are continuing to modify their techniques and finding effective new ways to obfuscate their malicious server infrastructure in an attempt to make analysis and tracking more difficult. Talos has identified the Dark Cloud botnet being used for a multitude of malicious purposes,” the paper adds.