GozNym Malware Hackers Sentenced

Uploaded on 2020-01-08 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

Three members of an international organised cybercrime group have been sentenced to prison. The criminals used the GozNym banking Trojan to break into more than 4,000 victim computers globally, primarily in the United States and Europe in 2015 and 2016, and steal nearly $100 million from their banking accounts.

In May last year, Europol took down the cybercrime network behind GozNym, with the United States issuing charges against a total of ten members of the group, 5 of which were arrested at that time, while five others, including the developer of GozNym, remain at the run. 

In a US federal court in Pittsburgh, Krasimir Nikolov, one of the group's members, was sentenced to a period of time served after having served over 39 months in prison for his role as an "account takeover specialist" in the scheme, and will now be transferred to Bulgaria.

Nikolov, 47, was arrested in September 2016 by Bulgarian authorities and extradited to  the US in December 2016 to face federal charges of criminal conspiracy, computer fraud, and bank fraud. "Nikolov used the victims' stolen online banking credentials captured by GozNym malware to access victims' online bank accounts and attempt to steal victims' money through electronic transfers into bank accounts controlled by fellow conspirators," the DoJ has said.

Two other GozNym group members were recently sentenced; Alexander Konovolov and Marat Kazandjian, also participated in the scheme and sentenced to seven and five years of imprisonment, respectively. 

While Konovolov served as a primary organiser and leader of the GozNym network that controlled over 41,000 infected computers and recruited cybercriminals using underground online criminal forums, Kazandjian was his primary assistant and technical administrator.

GozNym is a notorious banking Trojan that was developed by combining two known powerful Trojans, Gozi ISFB malware, a banking Trojan that first appeared in 2012, and Nymaim, a Trojan downloader that can also function as ransomware.The malware, primarily delivered via massive malspam campaigns to hack on victims' Windows PCs, waits for victims to enter their banking passwords into their web browser, captures them, and then used them to break into victims' bank accounts and fraudulently transfer funds to their own accounts.

GozNym malware network was hosted and operated through "Avalanche" bulletproof service, whose administrator was arrested in Ukraine during a search in November 2016.

"This new paradigm involves unprecedented levels of cooperation with willing and trusted law enforcement partners around the world who share our goals of searching, arresting, and prosecuting cyber criminals no matter where they might be," said US Attorney Scott W. Brady.

US Dept. of Justice:         The Hacker News:       Image: Christoph Scholz

You Might Also Read: 

Bank Creates Its Own AI To Identify & Disintegrate Malware:

$5m Bounty For Russian Hacker:

 

 

 

« Ten Predictions For Smart Cities
Iran Launches Missile & Cyber Attacks On The US »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

JLT Specialty

JLT Specialty

JLT Specialty is a leading specialist insurance broker. Services offered include Cyber Risks insurance.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

ArcusTeam

ArcusTeam

ArcusTeam is at the forefront of the firmware and applications security industry, with a mission to increase the level of security on all IoT devices and applications.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

SignalSEC

SignalSEC

SignalSEC provides vulnerability intelligence, malware analysis, penetration testing and associated training services.

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

Options Technology

Options Technology

Options is a global leader in financial technology, specialising in Capital Markets technology and enterprise-grade solutions.

Xantaro

Xantaro

Xantaro specializes in technologies, software and services for Carriers, ISPs, Hosting and Cloud Providers as well as for Operators of Data Centres and Campus Networks.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.