According to a recent report from CNBC, the IBM Security team has uncovered a serpent-like Trojan called GozNym. The GozNym malware targets bank accounts and remains dormant until the user starts logging in to their bank account through online banking. The news has generated a wave of concern, as it indicates that we cannot fully rely on our bank’s internet security software.
What is the GozNym malware capable of?
The IBM Security team calls the GozNym malware a highly threatening Trojan because it targets bank accounts. It can remain dormant until the user starts accessing their money through online banking.
Etay Maor, an executive advisor with IBM Security, said:
“We already know of $4 million that was stolen by this malware. The criminal is sitting on the other end obtaining that info in real time”
So far the malware has only been detected; an antidote for it has not yet been found. Etay and his Israel-based team discovered the GozNym malware, which has already been used against certain (undisclosed) banks in the U.S., Canada and Europe.
The report describes how the GozNym malware works:
“The virus, known as GozNym, is a combination of two pieces of malware — one that infects the computer and the other that waits silently like a serpent until the user visits the website of a financial institution.”
The worst thing about this malware is that researchers are not able to analyze it, because the hackers have increased the encryption, which makes it difficult to break open. Maor describes how heavily encrypted the GozNym malware is:
“When we first saw it, we were saying something bad is happening here, but we’ve never seen this before… there are so many layers, we had to break in just to understand what it was”
Even anti-virus software and other programs are not able to detect it, which leaves the end user in complete danger. Users are exposed to the GozNym malware when they click on links in emails. These emails might carry a message about a security solution or an update. When the link is clicked, nothing seems to happen, but the malware starts its malicious activities in the background.
According to Maor’s team, the hackers who created this malware are based somewhere in Eastern Europe.
You can read more about this on CNBC.