GozNym Malware Hits Banking Systems in Canada and The US

The U.S and Canadian banks are threatened by a double jeopardy, double the trouble as the twice powerful malware mega menace called goznym is here!

This brand new trouble for the United States and Canadian banking system is a fusion malware with enormously violent skills.


Banking Giants Nymaim and Gozi ISFB have joined forces to create “GozNym” a brand new hybrid which soon after its launch has already conned banks for millions of dollars. The previously more powerful Nymaim Trojan’s source code formula was given an intense makeover to invent a “double the terror” hybrid with new and improved features. This banking villain has already been criminally successful in destroying financial institutions with the sole purpose of demolishing business accounts.

GOZ-NYM: The new-age villain SPARED NONE:

GozNym has proven to be massively destructive by causing millions of dollar bank thefts within weeks, with 24 US banks, e-commerce platforms and credit unions set as its next targets. Not only banks but two Canadian financial institutes have also become victims of the hybrid malware.

How it all started:

It began in 2010 when hell broke loose as the source code of Gozi ISFB was publicly leaked. Again in 2015 a new and improved version of the Trojan code was also publicly displayed. However, the only group with access to the Nymaim’s source code was its original development team; hence, the cyber-attacks could be accounted for the leak to enhance their program strategies. It is also probable that the Nymaim team itself incorporated the leaked Gozi ISFB code to create a deadlier Trojan hybrid for destructive purposes. Operationally speaking, the source code union gave birth to a kind of “banking Trojan” where both malware co-operates and co-exist to run malware operations.

The Nymaim Trojan, what on earth is it?

It is sort of a malware dropper which corrupts systems by using exploit kits once they are done running a payload to snip credentials and user data. Somewhat akin to “ransomware”, this malware is far more advanced and evil than ever with features like encryption, anti-VM and control flow obfuscation for obscurity.

However, IBM discovered that Nymaium exploited a web injection: DDL, dynamic link library to perform internet banking attacks. It was likely because previous Nymaim versions infused GOZI ISFB’s financial module with a whole DLL to infect and inject victim’s browsers for enabling attacks on banking sites.

The Gozi ISFB Trojan’s capability to handle Web sessions was maliciously injected by the sneaky and dogged malware just like Nymaim loader, which eventually brought forth online banking fraud attacks. The destruction has been humongous as large sums of money were stolen due to this deadly malware. Malware hybrids have always been there but since technological advancement has been vast over the years, the banks are restoring to higher levels of protective layers to defeat this menace and stay safe.

Related Posts