Botconf Author Listing

Fred Harrison

Last known affiliation: Crowdstrike

Date: 2024-04-25
Gozi ISFB – Memoirs of a banking trojan
Fred Harrison 🗣

Abstract (click to view)

Gozi ISFB has been a persistent banking trojan that has gone through many changes over its lifetime. Being observed for generic and banking fraud campaigns but also now slowly pivoting into the ransomware as a service world it doesn’t seem to be slowing down.

Within this presentation we will outline the different observed use cases of Gozi ISFB going into detail about the actors, operations and the relationships observed between the threat actors behind it.

Pulling back the curtains on the banking trojan, the presentation describes some of the interesting campaigns ran by threat actors using the banking trojan and how they have used the features of it to steal and defraud both private and public entities. We’ll also be touching on Gozi ISFB operators that have close relationships with the current developers, as well as their relationships to other strains of the malware.

Scroll to Top