Hackers use new “double-headed beast” Trojan to steal $4m from US banks in just 3 days
Hackers combine two powerful Trojans to create a new sinister malwareGetty Images

In early April, a new Trojan offspring emerged to wreck havoc on the financial world. Two potent kinds of malware, Gozi ISFB and Nymaim, were combined by hackers to create a "double-headed beast" called GozNym to steal $4m US banks in just a matter of days.

The Trojan, identified by IBM X-Force Research, is believed to have stolen millions from 24 American and Canadian banks in just three days. IBM security researchers have speculated that the hackers responsible for developing the new Trojan and for the theft could have possibly hailed from Eastern Europe, an area known for cybercrime activity.

IBM security advisor Limor Kessem told Threatpost: "GozNym is an extremely stealthy Trojan combining the best of both Nymaim and Gozi ISFB to create a very problematic threat. The attack numbers for GozNym have been extremely high given it's only been around since April." Kessem added, "Together these two Trojans work much more effectively than apart."

An anonymous source said that while GozNym was also found to be active in Asia and Europe, it only appeared to target American banks involved in overseas operations, the Forbes reported.

The new Trojan is reportedly being spread via malware-infected emails, which then allow hackers to scan and access the victim's browser, gain access to their data and credentials and break into their bank accounts.

Origins of Gozi ISFB and Nymain

The Gozi Trojan has been active since 2007 and was well-known for stealing SSL data. It was used extensively for directing cyberattacks at banks. The Nymaim Trojan made its appearance in 2013 and was classified as a ransomware. However, the source code for both Trojans was leaked, which eventually led to malicious third-party hackers combining the two to create the GozNym.

A marked increase in cyberattacks has been noticed by various international governments. The latest controversy surrounding the Panama Papers leak is now also believed to have been due to a hack on the Mossack Fonseca law firm's servers. As cybercriminals work on evolving their attacks, governments and private financial entities are now scrambling to shore up their defences against online threats.