Tweet

Recent reports have stated that a massive campaign of fraud is planned to hit various US banks. Approximately 100 cybercriminals are said to be part of this planned campaign.

It is believed that this attack will be launched using newly-developed malware related to the Gozi banking Trojan, which has been called Gozi-Prinimalka. Overall, the capabilities of this new threat are broadly similar to other banking malware such as ZeuS, SpyEye, and Gozi itself.

We’ve been able to analyze the configuration files of existing Gozi-Prinimalka variants that are currently in the wild. Based on this, customers of the following financial institution are at increased risk:

• Accurint
• American Funds
• Ameritrade
• Bank of America
• CapitalOne
• Charles Schwab
• Chase
• Citibank
• eTrade
• Fidelity
• Fifth Third Bank
• HSBC
• M&T Bank
• Navy Federal Credit Union
• PNC
• Regions Financial Corporation
• Scottrade
• ShareBuilder
• State Employees Credit Union
• Suntrust
• The Huntington National Bank
• United States Automobile Association
• USBank
• Wachovia
• Washington Mutual
• Wells Fargo

We are in contact with the above financial institutions in order to help mitigate this threat. In the meantime, we advice clients of the institutions listed above to pay particular attention to any wire transfers made out of their accounts, as it is believed that this is how the attack will be conducted by the attackers.

In the meantime, Trend Micro products detect these Trojans as various BKDR_URSNIF variants, such as BKDR_URSNIF.B. We are also working continuously to find and block any websites that host this malware, as well as any command-and-control servers.