Friday, April 4, 2025
HomeComputer SecurityHacker Group Behind GozNym Banking Malware Dismantled by International Authorities that Stolen...

Hacker Group Behind GozNym Banking Malware Dismantled by International Authorities that Stolen $100 Million

Published on

SIEM as a Service

Follow Us on Google News

International law enforcement operation brings down a globally operated and well-organized cybercrime network behind GozNym banking malware responsible for stealing $100 million from more than 41,000 victims.

The GozNym banking malware primarily targeted financial institutions; it includes a banking trojan and trojan downloader, which also has the function of ransomware.

GozNym distributed through phishing emails, designed to have appeared from legitimate sources and includes a malicious link or attachment.

The United States charges ten members of the GozNym criminal network in a conspiracy to infect victims computer with malware to capture login credentials, using stolen credentials to gain unauthorized access and for stealing money from victims’ bank accounts.

GozNym

“The International operation was highlighted by the unprecedented initiation of criminal prosecutions against members of the network in four different countries as a result of cooperation between the United States, Georgia, Ukraine, Moldova, Germany, Bulgaria, Europol, and Eurojust,” reads the press release.

GozNym

GozNym cybercrime group also emphasize “cybercrime as a service,” along with services such as bulletproof hosters, money mules networks, crypters, spammers, coders, organizers, and technical support.

According to the Indictment, the defendants reside in Russia, Georgia, Ukraine, Moldova, and Bulgaria. The operation was an unprecedented international effort to share evidence and initiate criminal prosecutions against members of the same criminal network in multiple countries.

The leader of the GozNym malware network who controlled 41 000 victim computers arrested along with his technical assistant is being prosecuted in Georgia.

For hosting they used Bulletproof hosting services, provided by Avalanche, the administrator of the service is now facing prosecution in Ukraine.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

FBI-affiliated Websites Hacked – Hackers Steals Agents Personal data From Websites and Published Online

Two Hackers of Bayrob Malware Gang Convicted for Infecting more than 400,000 Computers Worldwide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code

OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security...

Apache Traffic Server Flaw Allows Request Smuggling Attacks

A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching...

Secure Ideas Achieves CREST Accreditation and CMMC Level 1 Compliance

Secure Ideas, a premier provider of penetration testing and security consulting services, proudly announces...

New Phishing Campaign Targets Investors to Steal Login Credentials

Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券),...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code

OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security...

Apache Traffic Server Flaw Allows Request Smuggling Attacks

A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching...

New Phishing Campaign Targets Investors to Steal Login Credentials

Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券),...