Hackers Using Both Gozi, Cerberus Malware

Attackers Target Online Banking Users in Italy, IBM Says

Web injection instructing infected users to download a mobile app (Source: IBM)

An ongoing hacking campaign is targeting Italian online banking users by infecting their devices with the Gozi banking Trojan and then prompting them to download Cerberus malware to make money transfers, according to IBM Security Intelligence.

The campaign, which began in September 2020, targets the accounts of users of business banking services that have balances of more than 3,000 euros ($3,583).

The Cerberus malware enables the attackers to receive two-factor authentication codes sent by banks to users attempting to make transactions. “Cerberus also possesses other features and can enable the attacker to obtain the lock-screen code and remotely control the device,” the IBM report adds.

The report did not disclose details on how many victims have been affected or how much has been stolen.

Attack Tactics

The campaign begins with the attackers sending phishing emails with malicious files attached that typically purport to carry invoices, delivery notices or other business correspondence. When victims download the files, they are infected with Gozi malware, IBM says.

When victims attempt to access their online services, Gozi performs web injections to display a hoax message stating that banking services cannot be performed until the victim downloads a “security app,” which is…