The malware redirects victims to perfect replicas of online banking websites Credit: IDGNS A hybrid Trojan program created for financial fraud has started redirecting users of four large U.S. banks to rogue websites in order to hijack their accounts. GozNym is a relatively new threat, first discovered in April, and is based on the Nymaim malware dropper and the Gozi banking Trojan. Like most banking Trojans, GozNym can inject rogue code into banking websites displayed in local browsers in order to steal credentials and other sensitive information. However, in addition to this old technique, the cybercrime gang behind it has also built the necessary infrastructure to host rogue copies of banking websites, and they’ve started to redirect victims there. GozNym used this redirection method two months ago against users of several banking websites from Poland. However, according to researchers from IBM’s X-Force team, its authors have recently launched similar attacks against the online business banking services of four large U.S. banks. First, the Trojan redirects the victim to the fake version of the site hosted on the attackers’ infrastructure, and it then temporarily displays a white overlay over the page. This unusual masking trick might be intended to distract the users and to make them believe that the page is harmless. The fake sites are perfect replicas of the real ones. The malware uses some technical tricks locally to keep the bank’s real URL in the address bar and even the SSL certificate. Once users input their credentials into the fake website, the credentials are tested in real-time against the bank’s genuine website. If they work, the attackers initiate fraudulent money transfers out of the victim’s account. “Moreover, the victim is kept on the fake website, where the attacker can push social engineering notifications to them, making them divulge personally identifiable information and two-factor authentication elements,” the IBM X-Force researchers said in a blog post. Despite being new, GozNym is quickly gaining ground in the cybercrime arena, currently ranking fifth for banking Trojan activity in 2016. The IBM researchers expect that after this testing period, its creators will add more U.S. banking websites to the rogue redirection list. The researchers didn’t name the original banks targeted. In addition to the usual security recommendations of keeping software up to date, running an antivirus program, and being wary of email attachments, employees in charge of finances inside companies should try to use dedicated computers to access bank accounts and operate financial transactions. These computers shouldn’t be used for other tasks like general browsing and email. Related content news Cisco shows off new AI features to secure data flows The networking giant is busy embedding AI capabilities across the Cisco Security Cloud and beyond. By John E. Dunn Jun 04, 2024 4 mins Generative AI Network Security Networking news Network jobs watch: Hiring, skills and certification trends What IT leaders need to know about expanding responsibilities, new titles and hot skills for network professionals and I&O teams. By Denise Dubie Jun 04, 2024 10 mins Careers Data Center Networking news 2024 global network outage report and internet health check ThousandEyes tracks internet and cloud traffic and provides Network World with weekly updates on the performance of ISPs, cloud service providers, and UCaaS providers. By Ann Bednarz Jun 04, 2024 52 mins Internet Service Providers Network Management Software Cloud Computing how-to Pipe viewer: Using the pv command on Linux The pv command is especially helpful when you are running tasks that take a long time to complete and you want some feedback that displays your progress. By Sandra Henry Stocker Jun 04, 2024 3 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe