Creator Of Bank Hacking Gozi Malware To Pay $6.9M

Hacker behind Gozi malware sentenced

The Russian national behind global banking malware that was responsible for stealing money from bank accounts across the U.S. and Europe was sentenced on Monday (May 2) to the 37 months he has served in custody and ordered to cough up $6.9 million for his crimes.

Nikita Kuzmin, who created the “Gozi” malware, pled guilty to various computer intrusion and fraud charges back in May 2011, the United States Attorney for the Southern District of New York said in a press release. The malicious software is known to have infected over 1 million computers globally and caused tens of millions of dollars in losses since it was first distributed in 2007.

Kuzmin not only was responsible for developing Gozi but also created “innovative means of distributing and profiting from it,” the statement said.

“Unlike many cybercriminals at the time, who profited from malware solely by using it to steal money, Kuzmin rented out Gozi to other criminals, pioneering the model of cybercriminals as service providers for other criminals,” the charging and sentencing documents explained. “For a fee of $500 a week paid in WebMoney, a digital currency widely used by cybercriminals, Kuzmin rented the Gozi ‘executable,’ the file that could be used to infect victims with Gozi malware, to other criminals.”

Though Kuzmin’s willingness to help investigators by cooperating with their probe into his accomplices has saved him from serving any additional jail time, Bloomberg reported, he will still be forced to pay forfeiture and restitution in the amount of $6,934,979.

Unfortunately for the banking industry, the threat of Gozi lives on.

Last month, it was reported that a hybrid Trojan malware is on the loose and has been used in attacks against more than 24 different U.S. and Canadian banks.

IBM X-Force Research uncovered the new threat, dubbed GozNym, because it is a combination of Nymaim and Gozi ISFB malware, and believes it has already been able to steal millions of dollars from the financial institutions it’s targeted.

Limor Kessem, executive security advisor at IBM, said:

“The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers. The end result is a new banking Trojan in the wild.”