Police hunt the 'GozNym' malware gang

(Image credit: Shutterstock)

Police are on the hunt for five members of a cyber gang which used malware to steal $100 million from more than 41,000 victims.

Police in the US, Germany, Bulgaria, Georgia, Moldova and Ukraine worked together on a complex, cross-border operation to dismantle the group, but five Russian men managed to evade capture and are now on the lamb.

The gang used a form of malware to steal the hefty sum, which has been dubbed 'GozNym' and has proved quite potent. Within the five fugitives is the developer of GozNym, which the gang used to infect computers and capture online banking details.

Details of the operations have been announced by Europol, which called it an "unprecedented, international law enforcement operation". Ten members of the gang have been charged by a federal grand jury in the US with conspiracy to commit online theft.

Rival cryptomining gangs warring over unsecure Linux servers Billion-dollar hackers: meet the gangs treating cybercrime like the Fortune 500

However, that only explains part of their criminal operation. According to Europol, the gang operated a "cybercrime-as-a-service" concept, with different elements such as bulletproof hosters, money mules networks, crypters, spammers, coders, organisers and even technical support.

The gang advertised its specialist technical skills on a secret, Russian-speaking, online forums. The gang's leader also recruited individuals from these forums leading to the creation of the GozNym network, which provided the leader with access to more than 41 000 victim computers infected with GozNym malware.

The leader of this criminal network is being prosecuted in Georgia, but the creator of GozNym is still on the run. Europol believes this individual to be the developer of GozNym malware and the person that oversaw its creation, development, management and leasing to other cybercriminals.

GozNym is actually a hybrid of two other pieces of malware: Gozi Trojan and Nymaim. The first of these is known as a "dropper" - software that's designed to covertly move other malware on to a device. Gozi, on the other hand, has been around since 2007, resurfacing time and again with new techniques, all seemingly for stealing financial information.

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.