A prolific cyber criminal hacking operation is distributing new malware which is written in a programming language rarely used to compile malicious code.
Dubbed NimzaLoader by cybersecurity researchers at Proofpoint, the malware is written in Nim – and it’s thought that those behind the malware have decided to develop it this way in the hopes that choosing an unexpected programming language will make it more difficult to detect and analyse.
NimzaLoader malware is designed to provide cyber attackers with access to Windows computers, and with the ability to execute commands – something which could give those controlling the malware the ability to control the machine, steal sensitive information, or potentially deploy additional malware.
The malware is thought to be the work of a cyber criminal hacking group which Proofpoint refers to as TA800, a hacking operation which targets a wide range of industries across North America.
The group is usually associated with BazarLoader, a form of trojan malware which creates a full backdoor onto compromised Windows machines and is known to be used to deliver ransomware attacks.
Like BazarLoader, NimzaLoader is distributed using phishing emails which link potential victims to a fake PDF downloader which, if run, will download the malware onto the machine. At least some of the phishing emails are tailored towards specific targets with customised references involving personal details like the recipient’s name and the company they work for.
By Danny Palmer
March 11, 2021