The GozNym Trojan targets Europe with a tricky mechanism!

The GozNym Trojan is targeting users in Europe with a tricky page redirection mechanism.

A new threat that comes from the GozNym Trojan has been spotted in the last few days. The malicious script that unifies the Gozi ISFB and Nymiam malware in an insidious combination has started to target countries from Europe. Since it was first detected a couple of weeks ago, this malware managed to steal about $4 million from businesses and banking institutions. There are more than 20 financial institutions in North America, who are among the victims of the GozNym Trojan.

Recently, the researchers who are monitoring the malicious script have detected that the hackers started to use it against organizations in Europe as well. Victims of the hacking attacks are reported in 17 banks in Poland, a Polish webmail service provider, and one Portugal bank. The targets are investment banking accounts and customer accounts. It seems like the hackers who stand behind the GozNym Trojan have put significant efforts into increasing their attacks’ scope. Security researchers are concerned that Europe is becoming a lucrative target for organized cybercrime.


Europe is becoming a lucrative target for organized cybercrime.

The mechanism that cybercriminals use with GozNym Trojan relies on two major steps. First, they trick users into believing that they are on a legitimate website. To do that, the malware uses web injections to display phishing pages on top of legitimate bank websites.  In order to make it look more trustworthy, the phishing page appears like hosted on the bank’s official domain. A warning notification from the browser does not appear because the hackers ensure that the browser displays the SSL certificate indicator. When the Trojan infects a device, what it does is, it monitors the victims’ activities and redirects them to that phishing page.

In the second step, the cybercriminals collect the users’ account credentials and authentication data once it is inserted in the fake page. To make the attack trickier to identify, the hackers intentionally use two different servers to perform the above-mentioned steps. Judging by the complexity the GozNym attacks are performed with, security experts believe that the malware creators are among the major cyber- criminal actors across the world.

Redirection attacks are one of the most complex and sophisticated ways to abuse systems and accounts worldwide. With the increase of such smart threats, users need to stay well informed in order to be one step ahead of the hackers. Staying away from suspicious content and following the basic safety rules may help avoiding the threats. However, if you get “lucky” to infect your system with GozNym, here you will find a free removal guide that will help you deal with it. We hope you never need to use it tough. Remember to regularly check the“HowToRemove.Guide” social channels and website to prevent infections from all sorts of malware and stay safe.