Authorities have dismantled an international crime gang that used malware to steal an estimated $100 million from more than 40,000 victims. Investigators in the US, Bulgaria, Germany, Georgia, Moldova and Ukraine carried out a series of coordinated police operations to achieve this.
The gang's modus operandi was to infect victims' computers with the GozNym malware, which captured the users' online banking credentials and gave the criminals access to their bank accounts.
The gang was made up of criminals who had advertised their skills on online forums.
Investigators revealed the details of the operation at the headquarters of the European police agency Europol in The Hague. The level of cross-border co-operation involved in the operation made this investigation unprecedented.
Ten members of the network have been charged in Pittsburgh, United States, with a range of crimes, including stealing money and laundering it through US and foreign bank accounts. According to investigators, five Russian nationals remain at large. They include the individual who developed the GozNym malware and was in charge of its development and management, which included leasing the malware to other cyber-criminals.
Other gang members are set to face prosecution in a number of countries. One member, who was responsible for taking over victims' bank accounts, has already been extradited from Bulgaria to the US and is set to stand trial there. Another, who encrypted the GozNym malware so that it would not be detected on victims' networks, is in police custody in Moldova. Two more members are being charged in Germany over money-laundering allegations.
The targeted victims of the gang included owners of small businesses, law firms, international corporations and non-profit organizations.
Prof Alan Woodward, a computer scientist from University of Surrey, noted that the unearthing and dismantling of this international gang shows the ease with which nefarious cyber-skills can be sold.
“The developers of this malware advertised their ‘product’ so that other criminals could use their service to conduct banking fraud. What is known as ‘crime as a service’ has been a growing feature in recent years, allowing organised crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime,” Woodward said.
GozNym combines two existing pieces of malware: Nymaim and Gozi.
Nymaim is what is known as a "dropper": software designed to deliver other malware to a device and install it. Until 2015, its primary use was to get ransomware on to victims' devices. Gozi, which has been active since 2007, was built to steal financial information, has been updated with new techniques over the years, and was used in concerted attacks on US banks.
One expert called the combination of the two a "double-headed monster".
The targeted victims believed that they were clicking a simple link but were actually granting the hackers access to their most intimate details.
(Adapted from BBC.com)