Names | Gozi v2 Gozi Prinimalka Prinimalka-Gozi | |
Category | Malware | |
Type | Banking trojan, Credential stealer | |
Description | (IBM) RSA recently discovered a new malware variant it dubbed Prinimalka-Gozi, which reportedly will be used in a massive, coordinated attack on U.S. banks called Project Blitzkrieg. After analyzing Prinimalka-Gozi, IBM Security determined that it is a distant relative of the Gozi malware. According to our findings, the installation and HTML injection designation method it uses resembles Gozi. However, many implementation details such as the format of the HTML injection, certain configuration elements and the machine code injected into the browser process appear to be completely different than those of Gozi. | |
Information | <https://securityintelligence.com/project-blitzkrieg-how-to-block-the-planned-prinimalka-gozi-trojan-attack/> <https://krebsonsecurity.com/tag/gozi-prinimalka/> <https://lokalhost.pl/gozi_tree.txt> |
Last change to this tool card: 24 May 2020
Download this tool card in JSON format
Previous: Gozi ISFB
Next: GozNym
Changed | Name | Country | Observed | ||
Unknown groups | |||||
_[ Interesting malware not linked to an actor yet ]_ |
1 group listed (0 APT, 0 other, 1 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |