Name of Malware: GozNym

Type of Malware: Downloader, banking trojan

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops etc.

Impact: high

What is GozNym?

GozNym is a developed variant of the highly obfuscated Nymaim malware. When the source text of the Gozi banking trojan was published, the authors expanded the software, which originally functioned as a downloader, to incorporate the functions of Gozi. After installation, the malware captures banking credentials. Many manufacturers of AV software consider GozNym to be the same as Nymaim, even though there are critical differences between the two.

How did I get infected with GozNym?

GozNym is usually sent as an attachment to spam e-mails. When the victim opens the attachment, GozNym is installed. The attachments are often named using words such as invoice or reminder to deceive the user into unsafe actions.

What do I have to do now?

It may be possible to remove GozNym by scanning the infected system using anti-virus software. Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.