Gozi Goes to Bulgaria — Is Cybercrime Heading to Less Charted Territory?

In what appears to be a trend, another banking Trojan is ready to attack in Eastern Europe. This time it is the Gozi/ISFB Trojan, which just added 9 major banks in Bulgaria to its list of targets.

What’s New?

In early August 2015, IBM Security X-Force researchers analyzed a new Gozi Trojan configuration file that is, according to our data, the first one dedicated exclusively to targeting Bulgarian banks. Previous versions of this malware have been used in attacks in the US, UK and AU, as well as Saudi Arabia and the Persian Gulf, but this is a first for Bulgaria.

Our analysis reveals that Gozi’s developers have expanded the capabilities and reach of the malware by updating its web injections to match the Bulgarian banks they are targeting.

Bulgaria and Cybercrime

When it comes to cybercrime, Bulgaria is better known for its locally based perpetrators than as a popular target, making the headlines in cases of Internet fraud, payment card fraud, ATM fraud and the like. In a fraud update report released last year by the European ATM Security Team (EAST), Bulgaria was named as home to a “significant Bulgarian organized crime network suspected of a variety of crimes including large scale ATM skimming, electronic payment fraud and forgery of documents.”

As a victim of cybercrime, Bulgaria is not often on the attackers’ roster, and the losses the country incurs as a result of cyber-borne threats are not widely documented. The most common issue banks in Bulgaria suffer from is the use of accounts as money mules to withdraw and launder funds that come from other countries. The most recent mention of banks in Bulgaria suffering cybercrime losses appeared when the Carbanak heist was uncovered, alongside a long list of other banks from all over the world.
