Gozi is a banking Trojan that has been modified to include new obfuscation techniques, to evade detection. Previous breaches involving Gozi in the healthcare sector led to the compromise of data associated with 3.7 million patients costing $5.55 million.

CGI’s Advanced Threat Investigation (ATI) team has been monitoring various sources, and has been able to identify a Gozi malware campaign that exfiltrates data from victim’s machines by capturing network traffic, host login credentials and further credentials stored in browsers and mail applications.

This fact sheet explores the attributes of the malware and protective actions which can be taken against it. For more information please contact cti.uk@cgi.com.