Gozi - Security Intelligence

article

Q1 2018 Results: Gozi (Ursnif) Takes Larger Piece of the Pie and Distributes IcedID

Gozi took a larger slice of the financial malware pie and become the most active banking Trojan in 2017, according to the IBM X-Force Threat Intelligence Index 2018.

April 18, 2018 | By Michelle Alvarez

article

IBM X-Force Threat Intelligence Index 2018 banner.

article

2018 IBM X-Force Report: Shellshock Fades, Gozi Rises and Insider Threats Soar

The latest IBM X-Force report highlighted threats stemming from misconfigured cloud servers and inadvertent insider negligence and examined malware trends from 2017 that could continue into 2018.

April 4, 2018 | By Michelle Alvarez

article

article

Ursnif Campaign Waves Breaking on Japanese Shores

The Ursnif banking Trojan began targeting financial institutions in Japan during Q3 2017 and continues to operate in the region as we enter Q4.

October 26, 2017 | By Limor Kessem

article

A white knight chess piece in the foreground with black pieces in the background.

article

Neverquest Gang Takes Leave — Is It the End of the Quest?

IBM X-Force researchers recently observed a massive drop in Neverquest malware campaigns. Is it the end of an era for this Trojan?

May 4, 2017 | By Limor Kessem

article

Anatomy of an hVNC Attack

Cybercriminals who rely on remote control tactics to commit financial fraud may use hidden virtual network computing (hVNC) modules to cover their tracks.

January 25, 2017 | By Lior Keshet

article

The volume of GozNym attacks in Europe rose 3,550 percent between July and August 2016. The project's heightened activity and rapid evolution indicates the strong likelihood that it will spread to other countries in the near future.

article

GozNym’s Euro Trip: Launching Redirection Attacks in Germany

GozNym continued its trip around Europe by launching redirection attacks against 13 German banks. The volume of these attacks has spiked in recent months.

August 23, 2016 | By Limor Kessem

article

Security researchers recently went under the hood of the GozNym banking Trojan, which is launching new capabilities and targeting financial institutions around the world. Learning about this malware can help users avoid it and its consequences.

article

Two Heads Are Better Than One: Going Under the Hood to Analyze GozNym

IBM X-Force researchers recognized that the GozNym banking malware leverages features from two types of malware to make it double the threat.

July 12, 2016 | By Lior Keshet

article

Cybercriminals of the past used a spray-and-pray strategy for their malware campagins, spreading millions of phishing emails to random addresses and hoping for the best. Malicious actors today, however, are going with a more targeted approach.

news

Designer Malware Campaigns: The Rise of Couture Cybercrime?

Cybercriminals are adding some designer touches to their malware campaigns to make them more targeted and increase the overall success rate.

May 5, 2016 | By Douglas Bonderud

news

The new GozNym banking Trojan poses a major threat to financial institutions in North America, and it could soon spread to other parts of the world. This sophisticated new malware is the offspring of two other infamous cyberthreats.

article

Meet GozNym: The Banking Malware Offspring of Gozi ISFB and Nymaim

The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan targeting banks in the U.S. and Canada.

April 14, 2016 | By Limor Kessem

article

Gozi has already made a name for itself by going after financial institutions in the U.S. and U.K., but its developers may have set their sights on a new target: Bulgaria. Banks in the Eastern European nation are likely the Trojan's next target.

article

Gozi Goes to Bulgaria — Is Cybercrime Heading to Less Charted Territory?

The latest version of the Gozi banking Trojan looks to target banks in Bulgaria. This could be just the first instance of the malware in Eastern Europe.

August 18, 2015 | By Limor Kessem

article

Tag: Gozi