Police hunt the 'GozNym' malware gang

Five Russian men, including the creator of the virus, are on the run after police capture ring leaders

Europol HQ

Police are on the hunt for five members of a cyber gang which used malware to steal $100 million from more than 41,000 victims.

Police in the US, Germany, Bulgaria, Georgia, Moldova and Ukraine worked together on a complex, cross-border operation to dismantle the group, but five Russian men managed to evade capture and are now on the lamb.

The gang used a form of malware to steal the hefty sum, which has been dubbed 'GozNym' and has proved quite potent. Within the five fugitives is the developer of GozNym, which the gang used to infect computers and capture online banking details.

Details of the operations have been announced by Europol, which called it an "unprecedented, international law enforcement operation". Ten members of the gang have been charged by a federal grand jury in the US with conspiracy to commit online theft.

However, that only explains part of their criminal operation. According to Europol, the gang operated a "cybercrime-as-a-service" concept, with different elements such as bulletproof hosters, money mules networks, crypters, spammers, coders, organisers and even technical support.

The gang advertised its specialist technical skills on a secret, Russian-speaking, online forums. The gang's leader also recruited individuals from these forums leading to the creation of the GozNym network, which provided the leader with access to more than 41 000 victim computers infected with GozNym malware. 

The leader of this criminal network is being prosecuted in Georgia, but the creator of GozNym is still on the run. Europol believes this individual to be the developer of GozNym malware and the person that oversaw its creation, development, management and leasing to other cybercriminals.

GozNym is actually a hybrid of two other pieces of malware: Gozi Trojan and Nymaim. The first of these is known as a "dropper" - software that's designed to covertly move other malware on to a device. Gozi, on the other hand, has been around since 2007, resurfacing time and again with new techniques, all seemingly for stealing financial information.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Most Popular

Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020
Hackers demand ransom from therapy patients after clinic data breach
Security

Hackers demand ransom from therapy patients after clinic data breach

27 Oct 2020