Police hunt the 'GozNym' malware gang

Five Russian men, including the creator of the virus, are on the run after police capture ring leaders

Europol HQ

Police are on the hunt for five members of a cyber gang which used malware to steal $100 million from more than 41,000 victims.

Police in the US, Germany, Bulgaria, Georgia, Moldova and Ukraine worked together on a complex, cross-border operation to dismantle the group, but five Russian men managed to evade capture and are now on the lamb.

Advertisement - Article continues below

The gang used a form of malware to steal the hefty sum, which has been dubbed 'GozNym' and has proved quite potent. Within the five fugitives is the developer of GozNym, which the gang used to infect computers and capture online banking details.

Details of the operations have been announced by Europol, which called it an "unprecedented, international law enforcement operation". Ten members of the gang have been charged by a federal grand jury in the US with conspiracy to commit online theft.

However, that only explains part of their criminal operation. According to Europol, the gang operated a "cybercrime-as-a-service" concept, with different elements such as bulletproof hosters, money mules networks, crypters, spammers, coders, organisers and even technical support.

The gang advertised its specialist technical skills on a secret, Russian-speaking, online forums. The gang's leader also recruited individuals from these forums leading to the creation of the GozNym network, which provided the leader with access to more than 41 000 victim computers infected with GozNym malware. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The leader of this criminal network is being prosecuted in Georgia, but the creator of GozNym is still on the run. Europol believes this individual to be the developer of GozNym malware and the person that oversaw its creation, development, management and leasing to other cybercriminals.

GozNym is actually a hybrid of two other pieces of malware: Gozi Trojan and Nymaim. The first of these is known as a "dropper" - software that's designed to covertly move other malware on to a device. Gozi, on the other hand, has been around since 2007, resurfacing time and again with new techniques, all seemingly for stealing financial information.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020