No joke, the headline for this article is factual, correct and happening right now. Experts in the malware field have identified a new hybrid malware known as GozNym which is attacking American and Canadian bank accounts. Spawned from the coding and traits of two previous problem packages, Nymaim and Gozi, this latest virus creation has already been used to steal $4 million.
According to the IBM X-Force Research, the team that first uncovered virus, GozNym takes the worst of each of its “parents.” “From the Nymaim malware, it leverages stealth and persistence, and the Gozi parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers,” the IBM team writes. “The end result is a new banking Trojan in the wild.”
GozNym was first discovered early in April 2016. Worse, it is currently unclear how many customers have already been affected. In a nutshell, the worst doesn’t appear to be over quite yet. IBM says that “GozNym’s operators’ top target is business accounts.” This conclusion is based on the fact that 28 percent of the attacks have been commercial banks and another 17 percent of victims are accounts in retail banks. Ecommerce and credit union accounts almost make up the other half.
The GozNym malware is particularly dangerous because it targets the actual consumer. As usual, the virus starts when an unsuspecting user clicks on a malicious link or email attachment, typically delivered by email or on a website. The virus then stays dormant until the user logs on to his or her bank account. That’s when the Trojan gets busy, stealing and sending information to hackers, all without the user ever realizing the damage is happening.
Are you interested in learning more about how to protect your organization from these types of attacks and new viruses as they become active? Contact our consultants today at PBMares to talk about how our services can better prepare your organization to face the rising way of cyber-attacks. The bad guys aren’t taking a break, so your defense shouldn’t be off the clock either.