Gozi

Also known as Ursnif, Gozi is one of the oldest banking trojans. To put it simply, Gozi tricks users into completing financial transactions in accounts that aren’t theirs. It’s been around since 2007 and, as one of the original banking trojans, has caused millions of dollars in damages.

In 2010, the Gozi source code was leaked, which led to the creation of several different versions of the malware. It was leaked for a second time in 2015, which led to further modularization and the development of new versions. In 2016, Latvian hacker Deniss Calovskis was sentenced to time served (21 months) for developing the original Gozi code. Arresting a key developer often stops a banking trojan, but it appeared to have little effect on Gozi.

After more than ten years, Gozi continues to be one of the most sophisticated and constantly evolving malware families. When first developed, Gozi used rootkit components to hide its processes. More recently, it has added both client-side and server-side evasion techniques, and it has continued to evolve. Gozi and Tinba have also recently been connected through their use of shared web injection techniques.

Although the scope has expanded for many banking trojans, Gozi continues to target financial institutions. As of March 2019, Gozi has been connected to DanaBot for targeting some of the same Italian banks. Gozi shows no signs of stopping and is considered one of the most dangerous pieces of banking trojan malware.