Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Members of GozNym gang sentenced for stealing $100 Million

U.S. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison. U.S. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison. The crooks infected more than 4,000 victim computers globally with GozNym banking Trojan […]

GOZNYM

U.S. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison.

U.S. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison.

The crooks infected more than 4,000 victim computers globally with GozNym banking Trojan between 2015 and 2016, most of the victims were in the United States and Europe. According to the authorities, the gang stole nearly $100 million from the banking accounts of over 41,000 victims across the globe for years.

In May, a joint effort by international law enforcement agencies from 6 different countries has dismantled the crime gang behind the GozNym banking malware.

GozNym

The GozNym banking malware was first spotted in April 2015 by researchers from the  IBM X-Force Research, it combines the best features of Gozi ISFB and Nymaim malware.

The GozNym has been seen targeting banking institutions, credit unions, and retail banks. Among the victims of the GozNym Trojan there are 24 financial institutions in North America and organizations in Europe, including Polish webmail service providers, investment banking and consumer accounts at 17 banks in Poland and one bank in Portugal.

Europol with the help of law enforcement agencies from Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States identified and 10 individuals alleged members of the GozNym network.

5 defendants were arrested during several coordinated searches conducted in Bulgaria, Georgia, Moldova, and Ukraine, the remaining ones are Russians citizens and are still on the run, including the expert who developed the banking malware.

The cybercrime organization was described by the Europol as a highly specialised and international criminal network.

Operators behind the GozNym malware used the Avalanche network to spread the malware.

On Friday, in a federal court in Pittsburgh, the member of the gang Krasimir Nikolov (47) was sentenced to a period of time served after having served over 39 months in prison for his role as an “account takeover specialist” in the scheme, and will now be transferred to Bulgaria.

Nikolov was arrested in September 2016 in Bulgaria, local authorities extradited to Pittsburgh in December 2016 to face federal charges of criminal conspiracy, computer fraud, and bank fraud.

“A resident of Varna, Bulgaria, was sentenced on December 16, 2019, in federal court in Pittsburgh to a period of time served after having served more than 39 months in prison following his conviction on charges of criminal conspiracy, computer fraud, and bank fraud for his role as a member of the GozNym malware cybercrime network, United States Attorney Scott W. Brady announced today.” reads the press release published by the DoJ.

“United States District Judge Nora Barry Fischer imposed the sentence on Krasimir Nikolov, 47, of Bulgaria. Nikolov will be transferred into U.S. Immigration and Customs Enforcement custody and removed from the United States to Bulgaria.”

Nikolov used stolen online banking credentials gathered by the GozNym Trojan to access victims’ online bank accounts and make fraudulent electronic transfers into bank accounts controlled by fellow conspirators.

Another two members of the gang that were arrested in Georgia, Alexander Konovolov and Marat Kazandjian, have been sentenced on Friday to seven and five years of imprisonment, respectively.

Konovolov was a leader of the GozNym network while Kazandjian was his primary assistant and technical administrator.

“The FBI will not allow cyber criminals from any country to operate with impunity,” said FBI Pittsburgh Special Agent in Charge Robert Jones. “For years, these cyber criminals believed they could steal millions from innocent victims. Through international cooperation with multiple agencies, we were able to target, takedown and bring to justice members of this criminal enterprise. We will continue to relentlessly pursue these cyber criminals who think they can conduct illicit activity from behind the perceived anonymity of a computer.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – GozNym, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]