UPDATED 22:29 EST / APRIL 17 2016


New advanced hybrid malware GozNym said to be targeting bank accounts

A new form of malware has been discovered that is believed to have stolen more than $4 million from American and Canadian banks, according to research published late last week.

Dubbed GozNym by International Business Machines Corp. (IBM) security researchers, the malware is said to be a hybrid of two earlier types of malware, Nymaim and Gozi, that takes the best of both. From Nymaim it leverages a “dropper” capability that allows additional malware to be installed on an infected machine, while from Gozi it adds Trojan capabilities to facilitate fraud via infected Internet browsers.

The program is largely targeting business accounts, mostly in the United States, and also, oddly enough, credit union accounts and “popular e-commerce platforms.”

Targets of the malware are said to be customers and not the banks directly. The malware infects a computer quietly, without the targeted person knowing they have been infected. Once the machine is infected, the malware is able to deploy a number of different methods to steal and transmit information, and is also able to log keystrokes to steal usernames and passwords.

Although they cannot be entirely certain, the IBM team believes that the malware originated in Eastern Europe and was created by the team behind the original Nymaim malware, given that they are the only people who have access to the code needed to create the hybrid to begin with.

Detection

IBM says that because this is a hybrid trojan, it is as stealthy and persistent as its parent Nymaim, while possessing the Gozi trojan's ability to manipulate web sessions, resulting in advanced online banking fraud attacks.

The company says that it has informed the banks that have been targeted so far, but other service providers should “use adaptive malware detection solutions and protect customer endpoints with malware intelligence that provides real-time insight into fraudster techniques and capabilities, designed to address the relentless evolution of the threat landscape.”

More details on GozNym can be found on the IBM X-team security post here.

Image source: miniyo73/Flickr/CC by 2.0
