GozNym Banking Trojan Hits the US with Redirection Attacks


June 24, 2016

GozNym, a banking trojan discovered only two months back, has added a new trick to its arsenal and is using it to target high-level business banking services in the US.

IBM’s X-Force security team discovered GozNym in April 2016, when they detected the trojan targeting customers of financial institutions in the US and Canada.

In its initial versions, the trojan was using a technique called Web injections, which relies on malicious DLLs loaded in the user’s browser to show overlays on top of the page, when visiting a banking portal supported by the trojan’s modules.

Web injection attacks are common, and GozNym’s Web injects are inherited from the Gozi banking trojan. In fact, GozNym’s name comes from a combination of Gozi and Nymaim, a malware dropper.

Read full story…