UPDATED 01:13 EST / AUGUST 22 2016

Global banks targeted by new versions of the infamous Gozi trojan

A new report from security firm buguroo (BUGUROO OFFENSIVE SECURITY S.L.) describes a campaign against global banks and finance companies that uses more effective versions of the infamous Gozi banking trojan.

According to the report, the targeted companies include PayPal, CitiDirect BE, ING Bank, Société Générale, BNP Paribas, the Bank of Tokyo and others. The campaigns are currently being honed in Poland, Japan and Spain and, buguroo expects, will likely be launched against the United States and Western Europe once perfected.

The new versions of Gozi are said to go undetected by web fraud solutions because they use an elaborate form of web injection optimized to avoid detection. Web injection of this kind is a man-in-the-browser technique: the malicious content is added inside the victim's browser, after the bank's pages have been decrypted, so server-side checks see what appears to be the legitimate user's session.

When an infected user at a targeted financial institution attempts a transaction, the command-and-control server is notified in real time and sends the user's browser the information needed to carry out a fraudulent transfer.

On screen, the injected code shows the user a fraudulent "deposit pending" alert requesting the security key needed to complete the transfer. The alert is drawn over the real transfer page, so the target is lured into entering the code that the malware needs to complete the fraudulent transfer.

Notably, the account information harvested from the infected user can include the SWIFT BIC and account details used for international money transfers. buguroo suggests that the new Gozi variants may underlie the recent spate of fraudulent transfers reported by a number of central banks that used SWIFT for transfers.

Biometric bypass

What makes the evolution of Gozi fascinating (presuming you can appreciate the dark arts) is that certain newer versions are said to send a form of behavioural biometric data to the control panel: how long the user takes to move from one input field to the next, and the time between keystrokes. The trojan then uses these values when it fills in the fields for the fraudulent transfer, in an attempt to bypass protection systems that profile the behaviour of the legitimate user. Put more simply, it feeds data back into the banking site while mimicking the way the given user types.
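To make the behavioural-biometric point concrete, here is an added example (not code from buguroo's report or from the malware itself) of the kind of keystroke-dynamics check a bank's fraud engine might run, and of why a replayed timing profile passes it. It builds a per-user profile of flight times (the gaps between keystrokes) from a few enrolment sessions, scores a new session against that profile, and classifies four constructed inputs: fresh typing by the same user, a naive scripted auto-fill, a verbatim replay of a captured session, and a replay with a few milliseconds of jitter. All timings are invented for illustration, and the exact-match replay check is an addition of this example, not something the report describes.

```javascript
// Added example: keystroke-dynamics (behavioural-biometric) check of the kind
// the Gozi variants are described as mimicking. Pure functions over arrays of
// keydown timestamps in milliseconds, so it runs under Node without a DOM; in a
// browser the timestamps would come from keydown event.timeStamp. Field-to-field
// transition times are just another interval and can be appended to the arrays.
// All timings below are constructed for illustration, not taken from the report.

// Four enrolment sessions of one user typing a six-character security key.
const GENUINE_SESSIONS = [
  [0, 180, 410, 560, 800, 990],
  [0, 170, 430, 540, 780, 1000],
  [0, 200, 400, 580, 790, 970],
  [0, 160, 420, 570, 810, 1010],
];

// Flight times: the gap between consecutive keydowns.
function flightTimes(keyTimestamps) {
  const out = [];
  for (let i = 1; i < keyTimestamps.length; i++) {
    out.push(keyTimestamps[i] - keyTimestamps[i - 1]);
  }
  return out;
}

function meanStd(xs) {
  const mean = xs.reduce((a, b) => a + b, 0) / xs.length;
  const variance = xs.reduce((a, x) => a + (x - mean) ** 2, 0) / xs.length;
  return { mean, std: Math.sqrt(variance) };
}

// Profile: per-position mean/std of flight time, plus the raw history that the
// replay check below compares against.
function buildProfile(sessions) {
  const history = sessions.map(flightTimes);
  const n = history[0].length;
  if (!history.every((h) => h.length === n)) {
    throw new Error('all enrolment sessions must have the same length');
  }
  const positions = [];
  for (let i = 0; i < n; i++) {
    positions.push(meanStd(history.map((h) => h[i])));
  }
  return { positions, history };
}

// Mean absolute z-score of a sample against the profile; lower means more like
// the enrolled user. std is floored at 1 ms so a constant position cannot
// divide by zero.
function scoreSession(profile, keyTimestamps) {
  const ft = flightTimes(keyTimestamps);
  if (ft.length !== profile.positions.length) {
    throw new Error('sample length does not match profile');
  }
  let total = 0;
  for (let i = 0; i < ft.length; i++) {
    const { mean, std } = profile.positions[i];
    total += Math.abs(ft[i] - mean) / Math.max(std, 1);
  }
  return total / ft.length;
}

// Replay check (an addition of this example): a human does not reproduce every
// interval of an earlier session to within a couple of milliseconds, so an
// exact match against recorded history is itself suspicious.
function isReplay(profile, keyTimestamps, toleranceMs = 2) {
  const ft = flightTimes(keyTimestamps);
  return profile.history.some(
    (h) => h.length === ft.length && h.every((v, i) => Math.abs(v - ft[i]) <= toleranceMs),
  );
}

function classify(profile, keyTimestamps, zThreshold = 2.0) {
  if (isReplay(profile, keyTimestamps)) return 'replay';
  return scoreSession(profile, keyTimestamps) <= zThreshold ? 'human-like' : 'anomalous';
}

// Constructed inputs for the demonstration.
const PROFILE = buildProfile(GENUINE_SESSIONS);
const SAMPLES = {
  genuine: [0, 190, 440, 580, 810, 1020],       // same user, fresh session
  scriptedBot: [0, 30, 60, 90, 120, 150],       // naive auto-fill, uniform 30 ms
  exactReplay: GENUINE_SESSIONS[0],             // captured session replayed verbatim
  jitteredReplay: [0, 183, 409, 564, 798, 994], // replay with a few ms of noise added
};

function runDemo() {
  const results = {};
  for (const [name, ts] of Object.entries(SAMPLES)) {
    results[name] = { score: scoreSession(PROFILE, ts), verdict: classify(PROFILE, ts) };
  }
  return results;
}

console.table(runDemo());
```

Run it with node. The table shows the verbatim replay scoring about as well as the genuine session on the statistical check, which is exactly the weakness the report describes: if the malware has observed the real user's timings, a check that only compares timing statistics cannot tell them apart. The exact-match replay check catches only a verbatim replay; the jittered replay is classified as human-like, so timing statistics alone are not a sufficient defence against malware that can sample the legitimate user first.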

“Perhaps most importantly for businesses, these campaigns are sophisticated enough to evade traditional web fraud detection tools,” the report concludes. “Companies are advised to install Internet-based, real-time web fraud detection to prevent these attacks from happening to them.”

A full copy of the report is available from buguroo.

Image credit: Pixabay/Public Domain CC0
