Saturday, June 12, 2021

NimzaLoader malware was written in the Nim programming language to make it harder to detect


NimzaLoader malware is unusual because it’s written in a programming language rarely used by cybercriminals – which could make it harder to detect and defend against.

“Malware developers may choose to use a rare programming language to avoid detection, as reverse engineers may not be familiar with Nim’s implementation, or focused on developing detection for it, and therefore tools and sandboxes may struggle to analyze samples of it,” the researchers said.

Cybersecurity researchers at Proofpoint, who dubbed the malware NimzaLoader, say it is written in the Nim programming language.

Proofpoint is tracking the operators of the campaign under the moniker “TA800,” who, the researchers say, began distributing NimzaLoader on February 3, 2021. Before this latest burst of activity, TA800 was known to have predominantly used BazaLoader since April 2020.

NimzaLoader malware is designed to give attackers access to Windows computers and the ability to execute commands on them, which could allow those controlling the malware to take control of the machine, steal sensitive information, or deploy additional malware.

Like BazarLoader, NimzaLoader is distributed using phishing emails that link potential victims to a fake PDF downloader, which, if run, will download the malware onto the machine. At least some of the phishing emails are tailored towards specific targets with customized references involving personal details like the recipient’s name and the company they work for.

Proofpoint’s findings have also been independently corroborated by researchers from Walmart’s threat intelligence team, who named the malware “Nimar Loader.”

Additional evidence gathered by Proofpoint and Walmart shows that NimzaLoader is also being used to download and execute Cobalt Strike as its secondary payload, suggesting that threat actors integrate different tactics into their campaigns.

It’s recommended that organizations train staff on how to spot phishing emails, particularly when campaigns like this one attempt to exploit personal details as a means of encouraging victims to let their guard down.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

