GozNym cybercrime network dismantled by Europol and DOJ

Image credit: Pixabay

The cybercriminals behind the GozNym malware, which stole over $100m from bank accounts since its creation, have been apprehended as a result of a joint operation between Europol and the US Justice Department.

During a press conference in The Hague, prosecutors said that 10 defendants in five countries have been accused of using malware to steal money from over 41,000 victims consisting mostly of businesses and financial institutions.

Of the 10 defendants, five were arrested in Moldova, Bulgaria, Ukraine and Russia while the leader of the group behind the GozNym malware and his technical assistant are begin prosecuted in Georgia. The remaining five defendants, who are all Russian nationals, are still on the run though they are currently wanted by the FBI.

All of the defendants were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

GozNym malware

GozNym was developed by combining the Nymaim and Gozi malware families into one powerful banking malware that spread across the US, Canada, Germany and Poland. Since it first appeared in 2016, the banking malware has been used to target dozens of banks and credit unions.

GozNym has been described as malware as a service and the leader of the network obtained the code for the two malware families after it leaked online and used it to build his own more powerful malware strain. He then recruited other cybercriminals to join his operation while advertising the new malware on Russian speaking forums.

The malware used encryption and other techniques to avoid detection by antivirus tools while the cybercriminals sent out hundreds of thousands of phishing emails to businesses and banks in an attempt to gain access to their computer systems. Once a system was infected, the malware would steal passwords for bank accounts that the cybercriminals would log into and cash out.

According to the prosecutors, the GozNym malware network was hosted and operated through a bulletproof hosting service known for having lenient attitudes towards cybercrime.

  • Protect your systems from the latest cyber threats with the best antivirus

Via TechCrunch

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

TOPICS