Threat Database Trojans Gozi Trojan

Gozi Trojan

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 75
First Seen: October 26, 2012
Last Seen: October 1, 2019
OS(es) Affected: Windows

There's a variant of the Zeus Trojan that has targeted banks and credit unions in the United States in October of 2012. This malware infection, known as the Gozi Trojan, has managed to steal sensitive data belonging to customers of important credit unions all around the United States. The Gozi Trojan attacks the targeted financial institutions' websites by inserting fields into the website in order to trick visitors into handing over their private information. The Gozi Trojan has affected at least thirty banks in the United States, often using fraudulent signatures in order to infiltrate secure networks. ESG security researchers have also observed the involvement of more than one hundred botnets in an effort to steal money using information stolen with the Gozi Trojan and transfer that money to offshore accounts. The criminals responsible for the Gozi Trojan and for these fraudulent wire transfers appear to be based in the Russian Federation, which is an outstanding country for harboring many criminals associated with high profile computer crimes.

The Trojan Zeus, also called Zbot, is among the most notorious banking Trojans of all time. ESG security researchers have observed malware attacks associated with this threat happening on several countries. One of the factors that have influenced the spread of variants of this dangerous banking Trojan is that its code was released a few years ago, available to criminals on underground file sharing networks and websites. In the past, crafting a banking Trojan as sophisticated as the Zeus Trojan required expert computer knowledge and large amounts of time and money, but with the release of this malware code, it has allowed relatively low profile criminals to use this dangerous banking Trojan as a starting point for their own malware attacks. In fact, many computer users are calling attacks with this level of sophistication the 'new normal' due to the fact that banking Trojans like the Gozi Trojan use components of the Zeus Trojan to carry out sophisticated file stealing maneuvers.

Most Gozi Trojan attacks initiate with a social engineering approach. Like most Trojan infection, the Gozi Trojan requires the victims themselves to download and install this threat. Because of this, the Gozi Trojan is typically spread through spam email messages or bundled with other files, disguised as a harmless video codec or player download.

SpyHunter Detects & Remove Gozi Trojan

File System Details

Gozi Trojan creates the following file(s):
# File Name MD5 Detections
1. 4905cedbfaa8feb50a48b82af14a65e5 4905cedbfaa8feb50a48b82af14a65e5 0
2. 163e46fbb3e13199b67c13fdecd934bb 163e46fbb3e13199b67c13fdecd934bb 0
3. 8e8f1f48abfab5b34de3da348e783aa6 8e8f1f48abfab5b34de3da348e783aa6 0

Registry Details

Gozi Trojan creates the following registry entry or registry entries:
Regexp file mask
%APPDATA%\tasklogon.exe
%APPDATA%\tasklogons.exe

Trending

Most Viewed

Loading...