Gozi v2
Description
(IBM) RSA recently discovered a new malware variant it dubbed Prinimalka-Gozi, which reportedly will be used in a massive, coordinated attack on U.S. banks called Project Blitzkrieg. After analyzing Prinimalka-Gozi, IBM Security determined that it is a distant relative of the Gozi malware. According to our findings, the installation and HTML injection designation method it uses resembles Gozi. However, many implementation details such as the format of the HTML injection, certain configuration elements and the machine code injected into the browser process appear to be completely different than those of Gozi.
Names
| Name |
|---|
| Gozi v2 |
| Gozi Prinimalka |
| Prinimalka-Gozi |
Category
Malware
Type
- Banking trojan
- Credential stealer
Information
- https://securityintelligence.com/project-blitzkrieg-how-to-block-the-planned-prinimalka-gozi-trojan-attack/
- https://krebsonsecurity.com/tag/gozi-prinimalka/
- https://lokalhost.pl/gozi_tree.txt
Other Information
Uuid
9a68ee23-32e6-40bd-aac1-b620447a0c0f
Last Card Change
2020-05-24