This malware was written in an unusual programming language, making it extremely difficult to detect
Named NimzaLoader by the cybersecurity researchers at Proofpoint, the malware is written in the Nim programming language. The assumption is that the people behind it chose this uncommon language in the hope that it would make detecting and analyzing the code considerably more difficult.
Essentially, NimzaLoader is designed to give the malicious actors behind it access to a Windows computer, and in particular the ability to execute commands. That can let them take control of the machine, steal sensitive information or even deploy additional malware.
According to preliminary analysis, the NimzaLoader malware is most likely the work of a group of cybercriminals Proofpoint calls TA800. The group is currently launching a series of offensive operations targeting a wide range of industrial sectors across North America.
This group is also believed to be closely related to BazarLoader, a trojan-type malware that can create a full backdoor on compromised Windows machines. BazarLoader can also be used to carry out ransomware attacks.
Like BazarLoader, NimzaLoader is distributed using phishing emails that link potential victims to a fake PDF downloader which, if run, loads the malware onto the machine. The phishing emails are often tailored with references to personal details such as the recipient's name and the company they work for.
As with BazarLoader before it, there is the possibility that NimzaLoader could be used as a tool hired by cybercriminals as a means of spreading their own malware attacks.
Given that phishing is the main means of distributing NimzaLoader, organizations and businesses should ensure that their network is secured with tools that help block malicious emails. In addition, there is a need to promote staff training on how to detect phishing emails, especially as campaigns like these often try to exploit personal information as a means of catching victims off guard.