‘Double-Headed Beast’ Banking Malware Is On The Prowl

A hybrid Trojan malware is on the loose and has been used in attacks against more than 24 different U.S. and Canadian banks.

IBM X-Force Research uncovered the new threat, dubbed GozNym, because it is a combination of Nymaim and Gozi ISFB malware, and believes it has already been able to steal millions of dollars from the financial institutions it’s targeted.

Limor Kessem, executive security advisor at IBM, said:

“The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers. The end result is a new banking Trojan in the wild,” she added.

As Kessem pointed out, the malware works like a “double-headed beast,” bringing the two codes together to carry out the internal operations of the malicious banking Trojan.

X-Force confirmed that the malware’s configuration is currently focused on the U.S., in which it has targeted 22 credit unions, banks and eCommerce platforms, but there are also two financial institutions from Canada that have been attacked as well.

“To help stop threats like GozNym, banks and service providers can use adaptive malware detection solutions and protect customer endpoints with malware intelligence that provides real-time insight into fraudster techniques and capabilities, designed to address the relentless evolution of the threat landscape,” Kessem explained.

A study last year from SecurityScorecard revealed that malware is getting more sophisticated and tougher to block.

A report by CIO delved into the details of the study, which explains that the sheer volume of types of malware are making it harder for companies to keep up with and that malware will only get worse.

The study discovered that more than 4,700 companies had suffered from some sort of banking malware — leaving many banks open to the possibility of attack. The report also detailed data about computers that may be part of a “network of infected machines, known as a botnet.” The study found nearly 12,000 infections across those impacted organizations.