This malware was written in an unusual programming language, making it extremely difficult to detect

International cybersecurity researchers have discovered a relatively popular cyberattack campaign that is actively spreading a new type of malware. It is worth mentioning that this malicious code is written in a rather strange programming language, very rarely used to compile malicious code.

Named NimzaLoader by the cybersecurity researchers at Proofpoint, the malware was written in the Nim programming language - and it's assumed that the guys behind the malware decided to develop it in a rather strange way. In the hope that choosing an uncommon programming language will make code detection and analysis considerably more difficult.

Essentially, NimzaLoader is designed to give the malicious actors behind it access to a Windows computer, and in particular the ability to execute commands - which can give them control over the machine, stealing sensitive information or even the ability to deploy additional malware.

This malware was written in an unusual programming language, making it extremely difficult to detect Picture 1 This malware was written in an unusual programming language, making it extremely difficult to detect Picture 1

According to preliminary analysis, the NimzaLoader malware is most likely the work of a group of cybercriminals Proofpoint calls TA800. The group is currently launching a series of offensive operations targeting a wide range of industrial sectors across North America.

In addition, this group is also believed to be closely related to BazarLoader, a trojan-type malware that possesses the ability to create a full backdoor on compromised Windows machines. At the same time, BazarLoader can also be used to perform ransomware attacks.

Like BazarLoader, NimzaLoader was distributed using phishing emails linking potential victims with a fake PDF downloader, which, if run, would load the malware onto the machine. Phishing emails are often targeted specifically with custom references related to personal details such as the recipient's name and the company with which they work.

Similar to the previous BazarLoader, the possibility that NimzaLoader could be used as a tool hired by cybercriminals as a means of spreading their own malware attacks.

Given the fact that phishing is the main means of distributing NimzaLoader, organizations and businesses should ensure that their network is secured with tools that help prevent malicious emails completely. In addition, there is a need to promote staff training on how to detect phishing emails, especially when campaigns like these often try to exploit personal information as a means of keeping victims off guard. .