An analysis by buguroo Threat Intelligence Labs has stated that Gozi trojan campaigns designed to avoid web fraud detection can threaten behavioural biometric defences.The study involved more effective versions of Gozi malware that are being used in currently active campaigns targeting global brands, including PayPal, CitiDirect BE and ING Bank.It found that versions of the webinjects used for specific companies, the malware sends a kind of biometric information to its control panel, such as how long the user takes to move from an input field to the next or the time between keystrokes.The malware uses these values to fill the necessary fields to perform the fraudulent transfer in what appears to be an attempt to bypass protection systems based on biometrics of user behaviour.”Through our ongoing cyber intelligence activity and world-class expertise, our team was able to identify the latest Gozi advances and alert the public,” said Pablo de la Riva Ferrezuelo, chief technology officer and co-founder of buguroo. “We are also proud to confirm that bugFraud Defence is one of the few, and perhaps the only, effective defence against these very sophisticated emerging attacks.”
Recent Articles
- Identity Week Europe 2026 raises the bar with 10 first-time speakers making their debut
- Sumsub joins World Economic Forum Unicorn Community to tackle AI fraud and advance inclusive digital identity
- Air carrier interface integrated into EES strategy
- Kentucky’s first mobile ID accepted for air travel
- FRONTEX expert to headline security document design at Identity Week Europe 2026
Recent Video
- New non-profit trade association of HAND will standardise global talent ID
- No cards, no phones: J.P. Morgan’s biometric revolution in payments
- Anthony Vidiano on building the future of access management
- Charisma Check wins 2025 Start-Up Pitching Competition, advancing identity verification and background checks for dating app users
- How to protect one billion Amazon customers: Lessons from continuous risk assessments
