
Gozi Banking Trojan Is Back, Targeting Windows 10’s Edge Browser!

The Gozi Trojan was first discovered by security researchers in 2007. Its authors worked on it for five years and then attacked machines in various countries. Many computer systems in Germany, France, Italy, Finland, Turkey and the United States were affected by this Trojan. To target systems in these countries, the criminals used the “Gozi v1” Trojan. The source code of this Trojan was leaked by its developers in 2010.

The Gozi Trojan is back again. It has many new features, which is why it is more harmful now. This Trojan is targeting the Edge browser of Windows 10. Before the Edge browser, Tinba v3, Dyre and Ramnit were the targets of the Gozi Trojan.

This Trojan has two new features:

1. It can create fake content by injecting malicious code into the browser.

2. The authors of this Trojan are very intelligent and have coded it in a way that lets it infect the Edge browser very easily.

As we know, Microsoft added the Edge browser in Windows 10. The cybercriminals behind the Gozi Trojan are using an older code-injection mechanism against the “MicrosoftEdgeCP.exe” process of the Edge browser. They use C&C (command and control) servers to control the Trojan. Gozi can send commands to that Edge process, from where it can see the entire browser history and steal cookies. All of this happens through the “RuntimeBroker.exe” process of Edge: the Gozi Trojan first targets the “RuntimeBroker.exe” process, from where it gets direct access to the “MicrosoftEdgeCP.exe” process.
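The two-stage path described above (some process into RuntimeBroker.exe, then RuntimeBroker.exe into MicrosoftEdgeCP.exe) can be hunted for in endpoint telemetry. The following detection sketch is an added example, not code from the original article or from IBM's research. It assumes the injection surfaces as Sysmon Event ID 8 (CreateRemoteThread) records; the hosts, PIDs, timestamps, `upd.exe` path and five-minute window are constructed for illustration.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

BROKER, EDGE_CP = "runtimebroker.exe", "microsoftedgecp.exe"
WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per site
EDGE = r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"
RTB = r"C:\Windows\System32\RuntimeBroker.exe"

def ev(ts, host, src, src_pid, dst, dst_pid):
    """Build a record using Sysmon Event ID 8 (CreateRemoteThread) field names."""
    return {"UtcTime": ts, "Computer": host, "SourceImage": src,
            "SourceProcessId": src_pid, "TargetImage": dst, "TargetProcessId": dst_pid}

# Constructed sample events: hosts, PIDs, times and upd.exe are made up.
SAMPLE = [
    ev("2016-01-12 09:14:02.120", "WS-014", r"C:\Users\a\AppData\Roaming\upd.exe", 4120, RTB, 2888),
    ev("2016-01-12 09:14:05.120", "WS-014", RTB, 2888, EDGE, 5312),
    # Broker touched on another host, no follow-up into Edge: not a chain.
    ev("2016-01-12 10:00:00.000", "WS-020", r"C:\Tools\dbg.exe", 900, RTB, 1444),
    # Broker -> Edge with no earlier injection into that broker: not a chain.
    ev("2016-01-12 11:30:00.000", "WS-031", RTB, 700, EDGE, 801),
]

def find_chains(events, window=WINDOW):
    """Return (host, first_stage_image, broker_pid, edge_pid) per two-stage chain."""
    tainted = {}  # (host, broker pid) -> (time of stage one, injecting image)
    hits = []
    for e in sorted(events, key=lambda e: e["UtcTime"]):
        ts = datetime.strptime(e["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        src = basename(e["SourceImage"]).lower()
        dst = basename(e["TargetImage"]).lower()
        if dst == BROKER and src != BROKER:
            # Stage one: a foreign process starts a thread inside the broker.
            tainted[(e["Computer"], e["TargetProcessId"])] = (ts, e["SourceImage"])
        elif src == BROKER and dst == EDGE_CP:
            # Stage two: that same broker instance starts a thread inside Edge.
            stage1 = tainted.get((e["Computer"], e["SourceProcessId"]))
            if stage1 and ts - stage1[0] <= window:
                hits.append((e["Computer"], stage1[1],
                             e["SourceProcessId"], e["TargetProcessId"]))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE):
        print("ALERT two-stage injection into Edge:", hit)
```

Injection techniques that do not create a remote thread produce no Event ID 8 record, so this correlation covers only that one path.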

The Trojan is hard-coded by the criminals so that it can recognize banking portals when a user fills banking details into a bank's form. Many banks in the United States have also been affected by this Trojan.

The Gozi v2 Trojan was launched by the criminals in 2013. A number of developers who were writing code for this Trojan were arrested by security agencies at that time. After that, the criminals added a Master Boot Record (MBR) to Gozi for high persistence. This gave “Gozi v2” some extra features compared to “Gozi v1”.


In Internet Explorer, the criminals injected the “iexplore.exe” process, but in the Edge browser they are injecting the “MicrosoftEdgeCP.exe” process. Before Internet Explorer, this Trojan had infected Chrome, Opera and many other browsers. The Gozi Trojan has these three functions: (i) kernel32!CreateProcessA (ii) kernel32!CreateProcessW (iii) kernel32!CreateProcessAsUserW

EdgeHTML 13 has been introduced by Microsoft to boost the security of the browser. Security researchers at IBM have discovered a number of Edge browsers infected by this Trojan in South Africa, the UK and the United States.
