17 May 2019

International police dismantled a cybercriminal network behind GozNym malware


In a joint international law enforcement operation, officials took down a major global organized cybercrime network responsible for stealing an estimated $100 million from more than 41,000 financial institutions and businesses around the world.

The gang infected victims’ computers with the GozNym banking trojan to capture their online banking credentials, which it then used to gain unauthorized access to victims’ online bank accounts, steal money from them, and launder those funds through US and foreign beneficiary bank accounts controlled by the criminals.

GozNym malware is based on two known, powerful trojans: Gozi ISFB, a banking trojan that has been in the wild since 2012, and Nymaim, a ransomware that is also capable of downloading additional malware onto the affected device. Like most hacking campaigns, the GozNym trojan was distributed through legitimate-looking spear-phishing emails containing malicious links and attachments, which downloaded the malware onto victims’ computers. To keep GozNym undetected by anti-virus products, one member of the gang encrypted the trojan.

To hide their tracks, the attackers hosted the malicious domains and GozNym downloads on the servers of the Avalanche network, a bulletproof hosting service that, according to Europol, provided services to more than 200 cybercriminals and hosted more than twenty different malware campaigns, including GozNym. Last year the alleged leader of Avalanche was arrested in Ukraine.

Now US and EU law enforcement authorities have tracked down and charged ten members of the GozNym cybercriminal network. Five of them were arrested during several coordinated searches conducted in Bulgaria, Georgia, Moldova, and Ukraine, including the leader of the GozNym network, who along with his "technical assistant" is being prosecuted in Georgia by the Prosecutor's Office of Georgia and the Ministry of Internal Affairs of Georgia. However, five Russian nationals charged in connection with GozNym remain on the run, including the developer of the malware itself. According to the FBI, they reside in Russia.
