Gozi Trojan Turns to Dark Cloud Botnet
The well-known and widely distributed Gozi ISFB banking Trojan has a new trick up its sleeve: It has been making use of the elusive Dark Cloud botnet for distribution in a series of recent campaigns.
According to Cisco Talos intelligence, the campaigns started during the fourth quarter of 2017 and have continued into 2018, with new campaigns being launched every week. They’re relatively low-volume and targeted at specific organizations, and some of the emails are even localized.
“They do not appear to send large amounts of spam messages to the organizations being targeted, instead choosing to stay under the radar while putting extra effort into the creation of convincing emails, in an attempt to evade detection while maximizing the likelihood that the victim will open the attached files,” researchers said in a blog post.