Thursday, September 23, 2021

NimzaLoader malware was written in the Nim programming language to evade detection


NimzaLoader malware is unusual because it’s written in a programming language rarely used by cybercriminals – which could make it harder to detect and defend against.

“Malware developers may choose to use a rare programming language to avoid detection, as reverse engineers may not be familiar with Nim’s implementation, or focused on developing detection for it, and therefore tools and sandboxes may struggle to analyze samples of it,” the researchers said.

Cybersecurity researchers at Proofpoint, who dubbed the malware NimzaLoader, said it is written in the Nim programming language.
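Because the point of writing a loader in Nim is that analysts and tooling are less used to it, a simple triage step is to ask whether an unknown Windows executable was produced by the Nim compiler at all. The script below is an added example, not code from Proofpoint or from the article: it extracts printable strings from a binary the way the `strings` utility does and looks for the runtime identifiers the Nim compiler normally leaves behind (`NimMain`, `nimGC`, `system.nim`, `fatal.nim`). The marker list is an assumption of this example, chosen to be illustrative rather than exhaustive, and the two byte blobs are constructed inputs, not real samples.

```python
import re
import sys

# ASSUMPTION: illustrative markers that Nim-compiled binaries commonly carry
# (entry point and GC symbols, runtime source file names in error messages).
# Not an exhaustive list and not taken from the Proofpoint report.
NIM_MARKERS = (
    b"NimMain",
    b"nimGC",
    b"system.nim",
    b"fatal.nim",
)

# Printable ASCII runs of at least four bytes, like `strings -n 4`.
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(data: bytes) -> list:
    """Return every printable ASCII run of four or more bytes in `data`."""
    return _ASCII_RUN.findall(data)


def nim_markers_found(data: bytes) -> list:
    """Return the sorted, de-duplicated Nim runtime markers present in `data`."""
    found = set()
    for s in extract_strings(data):
        for marker in NIM_MARKERS:
            if marker in s:
                found.add(marker.decode())
    return sorted(found)


def looks_nim_compiled(data: bytes, threshold: int = 2) -> bool:
    """Heuristic verdict: require at least `threshold` distinct markers so a
    single coincidental string does not flag a file."""
    return len(nim_markers_found(data)) >= threshold


# Constructed sample resembling a Nim-built PE: DOS header magic, a few
# Nim runtime strings, and some non-printable padding between them.
SAMPLE_NIM = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"NimMainInner\x00\x01\x02"
    + b"stdlib_system.nim\x00\x03"
    + b"fatal.nim(49) sysFatal\x00"
    + b"\xff\xfe" + b"Error: unhandled exception\x00"
)

# Constructed sample resembling an ordinary C-built PE with no Nim artefacts.
SAMPLE_OTHER = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode\x00"
    + b"kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00"
)


if __name__ == "__main__":
    # Usage: python nim_triage.py <file>; falls back to the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blobs = {sys.argv[1]: fh.read()}
    else:
        blobs = {"SAMPLE_NIM": SAMPLE_NIM, "SAMPLE_OTHER": SAMPLE_OTHER}
    for name, blob in blobs.items():
        print(name, "->", nim_markers_found(blob), "nim-compiled:", looks_nim_compiled(blob))
```

A hit only tells you the compiler, not the intent; plenty of legitimate software is written in Nim. The value is in the sandbox or SOC pipeline: tag such files for manual review, since the generic signatures and unpacking heuristics tuned for C/C++ or .NET loaders are exactly what a Nim build is meant to slip past.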

Proofpoint tracks the operators of the campaign as "TA800" and says they began distributing NimzaLoader on February 3, 2021. Before this latest activity, TA800 had predominantly used BazaLoader since April 2020.

NimzaLoader is designed to give attackers access to Windows computers and the ability to execute commands, which could let those controlling the malware take control of the machine, steal sensitive information, or deploy additional malware.

Like BazaLoader, NimzaLoader is distributed through phishing emails that link potential victims to a fake PDF downloader which, if run, downloads the malware onto the machine. At least some of the emails are tailored to specific targets, referencing personal details such as the recipient's name and the company they work for.

Proofpoint’s findings have also been independently corroborated by researchers from Walmart’s threat intelligence team, who named the malware “Nimar Loader.”

Additional evidence gathered by Proofpoint and Walmart shows that NimzaLoader is also being used to download and execute Cobalt Strike, a commercial post-exploitation framework widely abused by attackers, as its secondary payload, suggesting that the threat actors combine different tactics within their campaigns.

It’s recommended that organizations train staff on how to spot phishing emails, particularly when campaigns like this one attempt to exploit personal details as a means of encouraging victims to let their guard down.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

