Banking Trojan Adds 9 Bulgarian Lenders to Targets

File photo

A Trojan named Gozi/ISFB has added nine major banks in Bulgaria to its list of targets, a specialized website has said.

An article posted on SecurityIntelligence.com argues that " a new Gozi Trojan configuration file that is, according to our data, the first one dedicated to exclusively targeting Bulgarian banks," while previous versions have bee focused on the US, UK, Australia, Saudi Arabia, or the Persian Gulf.

Bulgaria is more well-known for "locally based perpetrators" when it comes to cybercrime, the article notes citing last year's report by the European ATM Security Team (EAST) which describes the country has home to a "significant Bulgarian organized crime network suspected of a variety of crimes, including large-scale ATM skimming, electronic payment fraud and forgery of documents."

However, the media outlet is asking whether with the threat looming from Gozi things are "starting to change". It cites January's meeting between Bulgarian PM Boyko Borisov and FBI head James Comey where the two agreed online crimes are a growing problem.

Though unique linguistic areas are described as a less likely direction for malware such as Gozi and Tinba (another Trojan that attacked Romania earlier this year), IBM security data cited here suggests that Gozi "began adding new territories in March and July 2015".

"Gozi definitely has plans for Eastern Europe," the article notes, recalling that it also added triggers for a few banks in Latvia in early July.

A figure suggests the region falls somewhere within the 1% "Others" among the 2015 targets of Gozi, a Trojan which mostly (85%) attacks the US, followed by the UK (7%), Portugal (2%), Canada, Saudi Arabia, Australia, Hong Kong, and the United Arab Emirates (each...

Continue reading on: