Police hunt the 'GozNym' malware gang
Five Russian men, including the creator of the virus, are on the run after police capture ring leaders
Police are on the hunt for five members of a cyber gang which used malware to steal $100 million from more than 41,000 victims.
Police in the US, Germany, Bulgaria, Georgia, Moldova and Ukraine worked together on a complex, cross-border operation to dismantle the group, but five Russian men managed to evade capture and are now on the lamb.
The gang used a form of malware to steal the hefty sum, which has been dubbed 'GozNym' and has proved quite potent. Within the five fugitives is the developer of GozNym, which the gang used to infect computers and capture online banking details.
Details of the operations have been announced by Europol, which called it an "unprecedented, international law enforcement operation". Ten members of the gang have been charged by a federal grand jury in the US with conspiracy to commit online theft.
However, that only explains part of their criminal operation. According to Europol, the gang operated a "cybercrime-as-a-service" concept, with different elements such as bulletproof hosters, money mules networks, crypters, spammers, coders, organisers and even technical support.
The gang advertised its specialist technical skills on a secret, Russian-speaking, online forums. The gang's leader also recruited individuals from these forums leading to the creation of the GozNym network, which provided the leader with access to more than 41 000 victim computers infected with GozNym malware.
The leader of this criminal network is being prosecuted in Georgia, but the creator of GozNym is still on the run. Europol believes this individual to be the developer of GozNym malware and the person that oversaw its creation, development, management and leasing to other cybercriminals.
GozNym is actually a hybrid of two other pieces of malware: Gozi Trojan and Nymaim. The first of these is known as a "dropper" - software that's designed to covertly move other malware on to a device. Gozi, on the other hand, has been around since 2007, resurfacing time and again with new techniques, all seemingly for stealing financial information.
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now
Simplify cluster security at scale
Centralised secrets management across hybrid, multi-cloud environmentsDownload now
The endpoint as a key element of your security infrastructure
Threats to endpoints in a world of remote workingDownload now
2021 state of IT asset management report
The role of IT asset management for maximising technology investmentsDownload now