Europol arrested GozNym banking malware group

Arrests in Europe and the US appear to have ended the cybercrime careers of the gang behind the GozNym banking malware.

According to Europol, which coordinated the pursuit of ten people in Ukraine, Moldova, Georgia, Bulgaria, Germany and the US, GozNym stole $100 million by infecting 41,000 devices around the world, mainly business computers.

Among those arrested were the alleged brains behind the network, detained in Georgia, and another person in Ukraine who tried in vain to escape the police by drawing a firearm. Five unnamed Russians remain on the run.

The GozNym malware was created sometime around 2015 by combining the code of two older malware families: the well-known banking Trojan Gozi, which leaked in 2010, and the Nymaim dropper, a more recent malware most commonly used to deliver ransomware.

GozNym combined the best of two somewhat different worlds, and appeared in 2016 in attacks against customers of two dozen American and Canadian banks.

The attacks followed a familiar pattern: spreading the malware through phishing campaigns or via exploit kits planted on websites; capturing online banking credentials; using those credentials to access the accounts and steal money; and laundering the proceeds:

The GozNym network illustrated the concept of cybercrime as a service, with various criminal services such as bulletproof hosters, money mule networks, crypters, spammers, coders, organizers and technical support.

The gang's members were highly specialized in their roles, each performing different tasks, from coding and sending phishing emails to managing the flow of cash taken from victims.