Frick
Last week I received a phone call from a client. They said they were on their bank web portal, and shortly afterwards got a phone call from their bank fraud department. The person on the phone said they identified the client's computer as being infected with the GozNym trojan and blocked its actions from the server side. They instructed the client to call their IT support about it, and recommended installing IBM Trusteer Rapport.
This whole situation initially set off red flags of being a general phone scam, but I found it odd they didn't try to get a remote session, install software, exploit money to remove it, etc. GozNym is very new, and all over the news for already stealing millions of dollars.
I ran full virus and rootkit scans (Bitdefender, Malwarebytes, Kaspersky, etc.) and all came back clean. While I don't generally like Trusteer, I am familiar with it and installed it (it's free and works with many banks) temporarily. Sure enough, it says it is actively blocking GozNym!
The issue I am having is there is absolutely no info on how to identify it and remove it. If you search the web you only get news stories, general info, and crappy old SpyHunter (and their parent company Enigma Software) with their hundreds of fake websites saying "how to remove" malware. Of course they don't tell you anything helpful and are all ads for SpyHunter (for those that don't know, SpyHunter is garbage and you should probably never use it).
I am going to NP the machine, but wanted to see if anyone on here has any info or experience with the Trojan.