Banking Trojans are nothing new under the sun these days. Internet criminals are going after the world’s most vulnerable financial systems, in the hope of getting a big payday. GozNym, a new banking Trojan, is targeting German users specifically. This is a change of pace, as the malware targeted Poland not too long ago.
GozNym banking Trojan Aims To Wreak Havoc In Germany
Over the past few weeks, the GozNym banking Trojan has been making the rounds in Poland. By targeting a specific group of banking users, the developers have shown they are well capable of creating localised malware threats. But the trojan is far from done, as it is now appearing in Germany as well.
Although GozNym has been around since April of 2016, security researchers have a hard time to deal with this malicious tool. By using redirections tracks through DNS poisoning, bank customers are redirected to a clone version of their bank’s site, where they will give up their login credentials.
A total of 13 German banks and subsidiaries are being targeted by this Trojan as we speak. Redirection attacks are complemented through web injection-based attacks. For the end user, everything seems in order, while they are being transferred to the wrong banking platform. Injections do rely on social engineering visuals, and will fail if the victim notices something is amiss.
When GozNym launched in April of 2016, a campaign against two dozen North American banks was underway. Over a two-week period, criminals managed to steal US$4m in funds. Ever since that time, they set their sights on the European continent. Among consumer bank accounts, they also target investment banking and corporate banking platforms.
Multilingual support in the world of banking Trojans is a serious issue that needs to be addressed. Moreover, every targeted country has their own banking system, which makes GozNym very versatile. More evolutions of this malware are yet to come, and security researchers will need to be on their toes at all times.
Image credit 1
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.