The cybercriminals behind the GozNym malware, which stole over $100m from bank accounts since its creation, have been apprehended as a result of a joint operation between Europol and the US Justice Department.
During a press conference in The Hague, prosecutors said that 10 defendants in five countries have been accused of using malware to steal money from over 41,000 victims consisting mostly of businesses and financial institutions.
Of the 10 defendants, five were arrested in Moldova, Bulgaria, Ukraine and Russia while the leader of the group behind the GozNym malware and his technical assistant are begin prosecuted in Georgia. The remaining five defendants, who are all Russian nationals, are still on the run though they are currently wanted by the FBI.
- HP launches new laptops and workstations with built-in malware protection
- Mobile malware attacks double in 2018
- Microsoft Office is a top target for malware devs
All of the defendants were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.
GozNym was developed by combining the Nymaim and Gozi malware families into one powerful banking malware that spread across the US, Canada, Germany and Poland. Since it first appeared in 2016, the banking malware has been used to target dozens of banks and credit unions.
GozNym has been described as malware as a service and the leader of the network obtained the code for the two malware families after it leaked online and used it to build his own more powerful malware strain. He then recruited other cybercriminals to join his operation while advertising the new malware on Russian speaking forums.
The malware used encryption and other techniques to avoid detection by antivirus tools while the cybercriminals sent out hundreds of thousands of phishing emails to businesses and banks in an attempt to gain access to their computer systems. Once a system was infected, the malware would steal passwords for bank accounts that the cybercriminals would log into and cash out.
According to the prosecutors, the GozNym malware network was hosted and operated through a bulletproof hosting service known for having lenient attitudes towards cybercrime.
- Protect your systems from the latest cyber threats with the best antivirus