If you have followed the news of the cyber banking heist that took place in recent weeks, you have probably also learned that a hybrid banking Trojan was responsible for the theft, which pilfered millions of dollars from the victimized banks.
The malware was born out of the combination of Nymaim and Gozi ISFB, and the pair now collectively bears the codename GozNym. As of this post, the hybrid banking Trojan is already cashing in on large banking companies in the United States at the very least. Some financial institutions in Canada have also been hit by the malware, which security researchers at IBM X-Force describe as a double-headed monster because of its enhanced capabilities.
The creators of the GozNym Trojan managed to boost the capabilities of the hybrid Trojan by recompiling the source code of the Nymaim Trojan and mixing it with the source code of the other notorious malware, Gozi ISFB, resulting in an extremely powerful malware that has infiltrated large financial organizations deemed to have robust security infrastructure.
The ultimate goal of the operators behind the GozNym Trojan is to put the accounts of business customers at risk. The victims, so far, include credit unions, business banking, ecommerce and retail banking, among other financial institutions.
The attackers were able to improve the Trojan by leveraging the source code for the Gozi ISFB Trojan that was publicly released in 2010 and 2015, though the latest version of the Trojan has been heavily modified to keep pace with advances in anti-malware tools.
Security researchers believe the original developers of Nymaim were also the ones responsible for the rise of the GozNym Trojan, since they are the only ones with access to Nymaim’s source code, and they were able to improve Nymaim’s capabilities by taking advantage of the leaked Gozi ISFB source code.
According to the researchers, the two Trojans depend on each other to carry out the mission they were created for. The source code of each was specifically adjusted to work with the other, with each boosting the other’s capabilities so that they carry out their functions as one.
The malware is also reportedly tied to a series of past ransomware attacks, and it works by dropping exploit kits before going on to steal users’ banking credentials and personal information.
It is also hard for traditional anti-malware tools to detect the hybrid Trojan because it incorporates encryption and control-flow techniques to remain concealed.