20:21 GMT +317 July 2018
Listen Live
    Malware attacks global IT systems

    It's Back! Infamous Gozi Banking Malware Makes Unwelcome Return

    © Sputnik / Vladimir Trefilov
    Tech
    Get short URL
    110

    Over ten years ago, a new malware – dubbed Gozi – began targeting banks and other financial institutions to steal funds for the malware’s coordinators. A number of arrests were made in the early years of this decade, with the mastermind of the Gozi trojan, Nikita Kuzmin, successfully prosecuted in 2011.

    This infamous banking malware has now made a return, and is using the Dark Cloud botnet to evade detection by law enforcement agencies.

    Cisco Talos – a cybersecurity and threat intelligence agency – has warned that the trojan’s operators are now running a low-volume, targeted campaign to lure victims.

    "Our engineers have discovered that while the Gozi ISFB campaigns are ongoing, the distribution and C2 infrastructure does not appear to stay active for extended periods, making analysis of older campaigns and samples more difficult. The attackers appear to be very quickly moving to new domains and IP addresses, not only for each campaign, but also for individual emails that are part of the same campaign," a Cisco Talos research paper reads.

    READ MORE: Attention! This Data-Stealing Malware Is Built Into Over 40 Android Smartphones

    The malware reaches unsuspecting victims via email, typically containing malicious Microsoft Word documents, which, when downloaded, install the malware onto the victim’s device.

    Gozi’s original creator was caught and prosecuted, but catching the malware’s current operators is likely to be more difficult, as they are employing new techniques to improve anonymity, as outlined by the below excerpt from the research paper.

    “Attackers are continuing to modify their techniques and finding effective new ways to obfuscate their malicious server infrastructure in an attempt to make analysis and tracking more difficult. Talos has identified the Dark Cloud botnet being used for a multitude of malicious purposes,” the paper adds.

    Related:

    Rise of the Biohackers: Researchers Encode Malware in DNA Strands in World First
    Malware Attacks Faking Ransomware Likely to Continue in Next 3 Months
    Beijing Police Arrest Nine Tech Developers for Making Malware
    US Sentences Russian Man to 5 Years in Prison for Developing Malware
    Tags:
    malware
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik
    • Сomment