Halfbreed trojan targets US banks
Hybrid strains combine to form biz hacker
A new piece of malware has been linked to thefts of $4m from more than 24 American and Canadian banks in just a few days.
Researchers at IBM reckon that hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a persistent and powerful trojan. Customers of numerous credit unions and popular e-commerce platforms are also in the firing line of attacks.
GozNym’s operators’ top target is business accounts, IBM warns. The malware spreads through exploit kits on either hacker-controlled or compromised websites. Once dropped onto compromised Windows PCs, the hybrid trojan manipulates web sessions to carry out online banking fraud attacks.
More details on the malware – including code analysis – can be found in a blog post by IBM Security.
Mark James, security specialist at security software firm ESET, said that hybrid malware strains are becoming more common as crooks become more sophisticated.
“There are so many different forms of malware around today and combining different versions to create hybrid pieces is an effective way of developing malware that is stealthy and successful, which is exactly what we have here,” James said. “By creating a modified piece of malware you would in theory create something that is not being currently detected,” he added.
Travis Smith, senior security research engineer at security tools firm Tripwire, added that the underground cybercrime scene is not short of miscreants capable of putting together a chimera of mixed strains of malware. The process can be easier than starting from scratch.
“Cyber criminals have specialities just like their white hat counterparts,” Smith said. “By taking bits of code from different pieces of malware, they are able to create their malicious payload quicker than writing everything from scratch. This will reduce their time to exploit and increase potential profits from criminal activity.” ®