In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime behind GozNym banking malware.
GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe for years.
GozNym was created by combining two known powerful Trojans—Gozi ISFB malware, a banking Trojan that first appeared in 2012 and Nymaim, a Trojan downloader that can also function as ransomware.
In a press conference held on Thursday, Europol said the operation was successfully conducted with the cooperation between Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States.
The United States has charged ten members of the GozNym criminal network, 5 of which who were arrested during several coordinated searches conducted in Bulgaria, Georgia, Moldova, and Ukraine.
The remaining five defendants are Russians and remain on the run, including one who developed the GozNym malware and leased it to other cybercriminals.
A member of the group who encrypted GozNym malware to avoid detection by anti-virus tools was arrested and is being prosecuted in the Republic of Moldova.
Another member of the group was already arrested three years ago by the Bulgarian authorities on charges related to the Avalanche malware network.
The members of the group infected victims’ computers with GozNym malware and captured their online banking login credentials, using which they fraudulently stole money and then launder funds using the U.S. and foreign bank accounts.
“The defendants advertised their specialized technical skills and services on underground, Russian-speaking online criminal forums. The GozNym network was formed when these individuals were recruited from the online forums by the GozNym leader who controlled more than 41 000 victim computers infected with GozNym malware,” the Europol said.
“The leader of the GozNym criminal network, along with his technical assistant, are being prosecuted in Georgia by the Prosecutor’s Office of Georgia and the Ministry of Internal Affairs of Georgia.”
GozNym malware network was hosted and operated through a bulletproof service called “Avalanche” network, whose administrator was arrested in Ukraine, during a search in November 2016.
This is a developing story.