This malware was written in an unusual programming language, making it extremely difficult to detect



2021-03-29 10:55:45

International cybersecurity researchers have discovered a relatively widespread cyberattack campaign that is actively spreading a new type of malware. Notably, the malicious code is written in a rather unusual programming language, one very rarely used to write malware.

Named NimzaLoader by the cybersecurity researchers at Proofpoint, the malware was written in the Nim programming language. It is assumed that the people behind the malware made this unusual choice in the hope that an unpopular programming language would make detecting and analyzing the malicious code significantly more difficult.

Essentially, NimzaLoader is designed to give the malicious actors behind it access to a Windows computer, and in particular the ability to execute commands. This can give them control over the machine, the ability to steal sensitive information, or even the ability to deploy additional malware.

According to preliminary analysis, the NimzaLoader malware is most likely the work of a group of cybercriminals Proofpoint calls TA800. The group is currently launching a series of offensive operations targeting a wide range of industrial sectors across North America.

In addition, this group is also believed to be closely related to BazarLoader, a trojan-type malware that possesses the ability to create a full backdoor on compromised Windows machines. At the same time, BazarLoader can also be used to perform ransomware attacks.

Like BazarLoader, NimzaLoader was distributed using phishing emails linking potential victims to a fake PDF downloader, which, if run, would load the malware onto the machine. The phishing emails are often specifically targeted, with custom references to personal details such as the name of the recipient and the company they work for.

As with BazarLoader before it, there is a possibility that NimzaLoader could be used as a tool hired by cybercriminals as a means of spreading their own malware attacks.

Given that phishing is the main means of distributing NimzaLoader, organizations and businesses should ensure that their network is secured with tools that help block malicious emails. In addition, there is a need to promote staff training on how to detect phishing emails, especially since campaigns like these often try to exploit personal information as a means of catching victims off guard.

