New Gozi Trojan can dupe some behavioral biometrics security measures

 

A new version of the Gozi banking trojan, currently active in Japan, Spain, and Poland, can go undetected by some behavioral biometrics security measures, according to a report by Softpedia.

The new Gozi version targets a range of financial organizations including PayPal, CitiDirect BE, ING Bank, Société Générale, BNP Paribas, and the Bank of Tokyo.

This latest version of Gozi is not related to GozNym, another banking trojan that has been circulating following last year’s leak of the Gozi source code, according to buguroo Threat Intelligence Lab.

Similar to the original Gozi strain, this new version uses Web injection attacks. GozNym also used Web injection attacks before eventually shifting over to redirection attacks in June.

Web injection attacks use the malicious DLLs loaded in the user’s browser to display overlays on top of a Web page when the victim visits a banking portal supported by the trojan’s modules.

Each Gozi module supports a Web injection package that displays a fraudulent page on top of the original banking portal, enabling a Web injection module to be assigned to each targeted financial institution.

These modules gather login credentials for the banking portal during the login process, but they can also take over the payment transfer page.

A few of these Web injection attacks can occur in real time, with the criminal deciding which ‘mule’ account to redirect the stolen money to, and for what amount. Buguroo said it detected this kind of behavior in recent Gozi infections.

In other infections involving smaller accounts, the automated Gozi trojan selected a random mule account and fixed payment sum.

However, in cases where the trojan infected high-value targets, a human operator took over, selected which “mule” account to redirect the money to, and ultimately attempted to steal a higher sum.

As a defense tactic against banking trojans like Gozi, many banks have implemented behavioral biometrics solutions that record the speed and cadence at which users type and move the cursor between input fields.

Security experts at buguroo say that this new Gozi strain can also record these values to bypass these security measures.

“The malware uses these values to fill the necessary fields to perform the fraudulent transfer in what appears to be an attempt to bypass protection systems based on biometrics of user behavior,” said buguroo, which will deliver a presentation on the new Gozi strain at the Black Hat USA 2016 security conference in Las Vegas.
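The sketch below is an added example, not code from buguroo or from any vendor named in the article. It shows why a cadence check that only compares new timings with a user's profile accepts recorded values that are fed back, and how a server-side comparison against stored sessions can flag them. The timing data, thresholds and function names are constructed for illustration, and the rule that genuine typing never reproduces an earlier session to within 2 ms is an assumption.

```python
from statistics import mean, stdev

# Constructed sample data: inter-key intervals (ms) for one fixed-length
# field, captured during earlier genuine sessions of a single user.
HISTORY = [
    [112, 95, 140, 88, 131, 102, 97],
    [120, 90, 133, 93, 125, 110, 101],
    [108, 99, 146, 85, 137, 98, 104],
]

def profile_match(sample, history, max_z=3.0):
    """Naive cadence check: each interval within max_z std-devs of the user's norm."""
    for i, value in enumerate(sample):
        column = [session[i] for session in history]
        spread = max(stdev(column), 1.0)  # floor avoids dividing by ~0
        if abs(value - mean(column)) / spread > max_z:
            return False
    return True

def closest_replay_distance(sample, history):
    """Mean absolute difference (ms) to the most similar stored session."""
    return min(
        mean(abs(a - b) for a, b in zip(sample, session))
        for session in history
    )

def assess(sample, history, replay_floor_ms=2.0):
    """Classify a new session as 'reject', 'replay-suspect' or 'accept'."""
    if len(sample) != len(history[0]) or not profile_match(sample, history):
        return "reject"
    # Assumption: a human never reproduces an earlier session this closely,
    # so a near-identical timing vector indicates recorded values fed back.
    if closest_replay_distance(sample, history) < replay_floor_ms:
        return "replay-suspect"
    return "accept"

GENUINE = [117, 92, 136, 91, 128, 106, 100]   # fresh typing, same user
REPLAYED = list(HISTORY[1])                   # earlier values submitted again
STRANGER = [210, 60, 300, 45, 250, 70, 180]   # a different person's cadence

if __name__ == "__main__":
    for name, s in (("genuine", GENUINE), ("replayed", REPLAYED), ("stranger", STRANGER)):
        print(name, assess(s, HISTORY))
```

The replayed session passes `profile_match` on its own, which is the gap the article describes; only the comparison against stored sessions separates it from genuine input.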
