GozNym malware criminal group was finally dismantled during a worldwide operation
Europol has recently stated that the cybercriminal group responsible for the GozNym malware attacks was successfully dismantled during an international operation. The group was already known worldwide for its malicious activity, having swindled about $100 million from around 41 000 victims globally.
Ten people have been charged with stealing this money by spreading GozNym. However, only five of them have been caught so far; the other five remain at large. What is more, the creator and developer of the GozNym malware is among the five still evading justice. GozNym is a banking trojan that surfaced in 2016 and has been affecting numerous people since then.
Other speculation holds that the group members are located in Moldova, Bulgaria, Ukraine, and Russia. All of these people also had a part in creating the malware. For example, one added a feature to GozNym that allowed it to avoid detection by antivirus programs, while others were involved in monetary thefts from victims' bank accounts.
Crooks were charged with launching the malware, stealing credentials and money
Furthermore, the United States of America released a report listing all of the crimes. The statement claims that all ten members of the criminal group who face penalties are responsible for these actions:
- Launching GozNym malware on numerous computer systems to steal credentials.
- Using the stolen data to swindle money from victims' bank accounts without their knowledge.
- Taking part in monetary thefts from users and laundering all of the proceeds through bank accounts located in the United States of America and other countries.
As for the distribution techniques of the GozNym malware, one Russian member was found sending suspicious spam messages that carried the malicious payload to numerous victims. These emails were designed to look legitimate and to convince users to open them and click on the included link or attachment where the malware was hidden. In this way the criminals launched numerous malicious operations using nothing more than legitimate-looking emails.
The Avalanche administrator has also been caught in Ukraine
The Avalanche network provided hosting services to the criminals responsible for distributing GozNym. Additionally, this network has been known for providing similar services to hundreds of other cyber crooks and supporting different types of malicious campaigns, one of which appears to be GozNym. According to the latest news, its administrator is now facing justice in Ukraine:
The administrator’s apartment in Poltava, Ukraine, was searched in November 2016 during a German-led operation to dismantle the network’s servers and other infrastructure. Through the coordinated efforts being announced today, this alleged cybercriminal is now facing prosecution in Ukraine for his role in providing bulletproof hosting services to the GozNym criminal network. The prosecution will be conducted by the Prosecutor General’s Office of Ukraine and the National Police of Ukraine.
This operation has been supported by a wide variety of justice organizations. They included the United States Attorney’s Office for the Western District of Pennsylvania, the FBI’s Pittsburgh Field Office, the Public Prosecutor’s Office Verden (Germany), the Office of the Prosecutor General of the Republic of Moldova, the Prosecutor General’s Office of Ukraine, the Prosecutor’s Office of Georgia, and many others.