Meet Gozi: The Number 1 Financial Malware
Posted 19 Oct at 11:20h in IT Security, Ransomware, Security & Hacking, Technology News, Uncategorized
Gozi (Ursnif) is a notorious and widely distributed banking trojan. It is so widely distributed that, according to IBM, it accounts for 25% of all malicious activity targeting financial institutions, and it has been on the threat landscape for many years. Previous breaches have heavily targeted the healthcare sector, which led to the compromise of data associated with 3.7 million patients, at a cost of $5.55 million.
Over time, attackers using Gozi have continually modified their techniques to avoid detection. The malware has featured heavily since 2007, and now, more than a decade after it was first found, it is seen as the most prevalent financial malware.
The threat actor typically distributes this malware in low-volume targeted attacks rather than mass spam campaigns. This tactic lets them stay under the radar and spend their time crafting convincing, well-executed emails, maximizing the chance that the email is opened and the payload downloaded.
The attackers rotate domains and IP addresses quickly, not only for each campaign but for each individual email, which makes blocking on those indicators almost impossible. Campaigns are launched weekly to dupe more victims and generate more money for the attackers.
The malware is typically distributed through malicious spam email campaigns that carry a Microsoft Word file acting as the payload downloader. The attackers try to make the email look like part of an existing thread to increase its apparent legitimacy and open rate. The emails are usually well crafted and well written, which is unusual for mass-email campaigns.
The Word file carries an embedded VBA macro that executes when the document is closed rather than when it is opened. This is a deliberate evasion: sandboxes that only trigger on document open never see the macro run.
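The close-time trigger is worth checking for explicitly during triage. The following Python is an added example, not code from the original post: it scans extracted VBA source (as olevba or a similar tool would hand it over) for Word auto-execution entry points, reports which user actions a sandbox run must perform so that every defined trigger fires, and runs over a constructed sample macro. The sample macro, the trigger names grouped by stage and the suspicious-call list are assumptions for illustration.

```python
import re
from typing import Dict, List

# Word auto-execution entry points grouped by the user action that fires them.
# A sandbox that opens the document and then kills Word never fires the "close" group.
AUTOEXEC_TRIGGERS: Dict[str, List[str]] = {
    "open": ["AutoOpen", "Document_Open", "AutoExec"],
    "close": ["AutoClose", "Document_Close", "AutoExit"],
}

# Calls a stager typically needs to fetch or launch a second stage (assumed list, a hint only).
SUSPICIOUS_CALLS = ["Shell", "CreateObject", "URLDownloadToFile", "XMLHTTP", "powershell"]

# Constructed sample in the shape the post describes: nothing runs on open,
# the stager fires only on close. The command is a placeholder, not a real payload.
SAMPLE_VBA = """\
Attribute VB_Name = "ThisDocument"
Private Sub Document_Close()
    Dim o As Object
    Set o = CreateObject("WScript.Shell")
    o.Run "PLACEHOLDER_STAGER_COMMAND", 0
End Sub
"""

def analyze_vba(source: str) -> Dict[str, object]:
    """Return the auto-exec triggers defined per stage and the suspicious calls seen."""
    triggers: Dict[str, List[str]] = {stage: [] for stage in AUTOEXEC_TRIGGERS}
    for stage, names in AUTOEXEC_TRIGGERS.items():
        for name in names:
            # Match "Sub AutoClose(" with an optional Private/Public prefix at line start.
            pat = r"^\s*(?:Private\s+|Public\s+)?Sub\s+" + re.escape(name) + r"\s*\("
            if re.search(pat, source, re.IGNORECASE | re.MULTILINE):
                triggers[stage].append(name)
    suspicious = [c for c in SUSPICIOUS_CALLS
                  if re.search(r"\b" + re.escape(c) + r"\b", source, re.IGNORECASE)]
    return {"triggers": triggers, "suspicious": suspicious}

def detonation_steps(report: Dict[str, object]) -> List[str]:
    """User actions a sandbox run must perform so every defined trigger fires."""
    steps = ["open"]  # opening is always part of detonation
    if report["triggers"]["close"]:
        steps.append("close")  # closing the document is needed to fire AutoClose-style macros
    return steps

def verdict(report: Dict[str, object]) -> str:
    t = report["triggers"]
    if t["close"] and not t["open"] and report["suspicious"]:
        return "close-only auto-execution with suspicious calls: open-only sandboxing would miss this"
    if (t["open"] or t["close"]) and report["suspicious"]:
        return "auto-execution with suspicious calls"
    return "no auto-execution trigger found"
```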
What Does Gozi Do?
Gozi injects itself into web browsers on Windows, allowing the attackers to monitor browsing activity and harvest data and credentials entered into forms.