UPDATED 01:13 EDT / AUGUST 22 2016


Global banks targeted by new versions of the infamous Gozi trojan

A new report from security firm buguroo (BUGUROO OFFENSIVE SECURITY S.L.) has revealed a new campaign targeting global banks and finance companies that is utilizing more effective versions of the infamous Gozi trojan.

According to the report, targeted companies include PayPal, CitiDirect BE, ING Bank, Société Générale, BNP Paribas, the Bank of Tokyo and others. The campaigns are currently being honed in Poland, Japan and Spain before likely being launched in the United States and Western Europe once perfected.

The new versions of Gozi are said to go undetected by web fraud solutions because they use an elaborate form of web injection that is optimized to avoid detection.

When an infected user at a targeted financial institution attempts a transaction, the command and control service is notified in real time and sends the user’s browser the information necessary for carrying out a fraudulent transfer.

On screen, the injected code shows the user a fraudulent deposit-pending alert requesting the security key to complete the transfer; this overlay sits on top of the real transfer page, drawing the target in to key in their code.

Interestingly, the account information harvested from the infected user can include the SWIFT BIC and account details used for international money transfers, and buguroo suggests that the new Gozi variants may underlie the recent spate of fraudulent transfers reported by a number of central banks that used SWIFT for transfers.

Biometric bypass

What makes the evolution of Gozi fascinating (presuming you can appreciate the dark arts) is that certain newer versions of the trojan are said to send a form of behavioral biometric information to its control panel, including how long the user takes to move from one input field to the next and the time between keystrokes. The trojan subsequently uses these values when filling in the fields needed to perform the fraudulent transfer, in an attempt to bypass protection systems that rely on the biometrics of the given user. Put more simply, it inputs data back into the system while mimicking the way that user types.

“Perhaps most importantly for businesses, these campaigns are sophisticated enough to evade traditional web fraud detection tools,” the report concludes. “Companies are advised to install Internet-based, real-time web fraud detection to prevent these attacks from happening to them.”

A full copy of the report is available from buguroo here.

Image credit: Pixabay/Public Domain CC0
