ThreatPost – (International) Cybercrime gang recruiting botmasters for large-scale MiTM attacks on American banks. A slew of major American banks may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers, ThreatPost reported October 4. RSA's FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang actively recruits up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime group has recruited outsiders to participate in a financially motivated attack, said a cybercrime communications specialist for RSA FraudAction. The attackers promise their recruits a cut of profits, and require an initial investment in hardware and training in how to deploy the Gozi Prinimalka Trojan. Also, the gang will only share executable files with their partners, and will not give up the Trojan compilers, keeping the recruits dependent on the gang for updates. With this scale, banks could face up to 30 times the number of compromised machines and fraudulent transfers as the average attack, if the campaign is successful. As many as 30 banks have been targeted, many of them well known and high profile. RSA said the gang is targeting American banks because of their success in beating their defenses, as well as a lack of two-factor authentication required for transfers.