Meet Gozi: The Number 1 Financial Malware
Posted 19 Oct at 11:20h in IT Security, Ransomware, Security & Hacking, Technology News, Uncategorized
Gozi (Ursnif) is a notorious and widely distributed banking trojan. According to IBM, it accounts for 25% of all malicious activity targeted at financial institutions, and it has been on the threat landscape for multiple years. Previous breaches heavily targeted the healthcare sector, leading to the compromise of data associated with 3.7 million patients at a cost of $5.55 million.
Over time, attackers using Gozi have continually modified their techniques to avoid detection. The malware has featured heavily since 2007, and now, more than a decade after it was first found, it is seen as the most prevalent financial malware.
Typically the threat actor distributes this malware in low-volume targeted attacks rather than mass spam campaigns. This tactic lets them stay under the radar and spend their time crafting convincing, well-executed emails, maximizing the chance that the email will be opened and the payload downloaded.
The attackers move swiftly between domains and IP addresses, not only for each campaign but for each individual email, making them almost impossible to block. Campaigns are launched weekly to dupe more victims and generate more money for the attackers.
The malware is typically distributed through malicious spam email campaigns featuring a Microsoft Word file that acts as the payload downloader. The attackers try to make the email look like part of an existing thread in the hope of increasing its legitimacy and open rate. The emails are usually well crafted and well written, which is not typical of most mass-email campaigns.
The Word file carries an embedded VBA macro that executes when the document is closed. This is a clever choice: by activating only on close, it can bypass sandbox systems that are triggered only when documents are opened.
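As an added illustration (not code from the original post or from any Gozi analysis), here is a small Python triage check that lists the auto-executing procedures in a macro's VBA source and flags the case where every trigger fires at document close, the sandbox evasion described above. The trigger table, the keyword hints and the sample macro are constructed for this example.

```python
"""Triage VBA source for auto-executing entry points, separating
open-time triggers from close-time triggers."""
import re
from dataclasses import dataclass, field

# Procedure names Word runs automatically, grouped by when they fire.
# Assumption: a sandbox that opens a document and then kills it never
# reaches the "close" phase, so close-time triggers deserve extra weight.
AUTO_EXEC = {
    "Document_Open": "open", "AutoOpen": "open", "AutoExec": "open",
    "Document_New": "open", "AutoNew": "open",
    "Document_Close": "close", "AutoClose": "close", "AutoExit": "close",
}

# Constructed list of API names that often appear in downloader macros.
DOWNLOADER_HINTS = ("Shell", "CreateObject", "WScript.Shell",
                    "URLDownloadToFile", "XMLHTTP", "PowerShell")

PROC_RE = re.compile(r"^\s*(?:Private|Public)?\s*(?:Sub|Function)\s+(\w+)",
                     re.I | re.M)


@dataclass
class Verdict:
    triggers: dict = field(default_factory=dict)   # canonical name -> phase
    hints: list = field(default_factory=list)

    def close_only(self) -> bool:
        """True when every auto-exec trigger fires at close time."""
        phases = set(self.triggers.values())
        return bool(phases) and phases == {"close"}


def triage_vba(source: str) -> Verdict:
    """Collect auto-exec procedures and downloader-style API hints."""
    v = Verdict()
    for name in PROC_RE.findall(source):
        for known, phase in AUTO_EXEC.items():
            if name.lower() == known.lower():
                v.triggers[known] = phase
    v.hints = [h for h in DOWNLOADER_HINTS if h.lower() in source.lower()]
    return v


# Constructed, harmless sample in the close-triggered shape described above.
SAMPLE = '''
Private Sub Document_Close()
    Dim o As Object
    Set o = CreateObject("WScript.Shell")
    o.Run "powershell -c Write-Host constructed-sample", 0
End Sub
'''

if __name__ == "__main__":
    r = triage_vba(SAMPLE)
    print(r.triggers, r.hints, "close-only:", r.close_only())
```

A sandbox or mail gateway that records which auto-exec phase a macro binds to can then make sure the document is actually closed, not just opened, before a verdict is given.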
What Does Gozi Do?
Gozi is able to inject itself into web browsers on Windows systems, allowing the attackers to monitor browsing activity and harvest data and credentials entered into forms.