New malware steals $4M at US, Canadian banks

A new kind of malicious software has been used to steal roughly $4 million this month from customers at dozens of banks in the U.S. and Canada, according to IBM researchers.


The so-called GozNym virus — a hybrid of two known malware strains — has targeted 22 banks, credit unions and popular e-commerce platforms in the U.S., as well as two financial institutions in Canada, the researchers said.

IBM did not identify the banks but told The Wall Street Journal that the institutions have been alerted to the virus.

Unlike other cyberattacks that target either employees or the bank’s systems, GozNym uses a phishing scheme to trick customers into clicking malicious links in an email. The link installs the virus on victims’ computers, where it lies dormant until they log into their bank account.

The virus is able to record and transmit information in different ways, including recording keystrokes or taking screen captures of the bank account screen, Etay Maor, executive security adviser at IBM Security, told the Journal.

IBM believes the attackers originate from a criminal organization in Eastern Europe, according to Maor.

The U.S. has been cracking down on Eastern European nationals who profit from spreading malware. Last fall, Russian national Dimitry Belorossov was sentenced to four-and-a-half years in prison for his role in distributing and managing banking malware that infected over 11 million computers worldwide.

Belorossov used spam emails and commercial Internet ads linking to malware to distribute and install a bot known as Citadel onto victims’ computers. At one point he controlled over 7,000 bots, authorities say.

Like GozNym, Citadel was a so-called Trojan — a kind of malware disguised as legitimate software.

The crime ring operating Citadel and other bots like it is thought to be responsible for over $500 million in losses.