NimzaLoader: Malware Written in Nim, an Uncommon Programming Language Chosen to Evade Detection
A new and unusual piece of malware has been detected, written in a language most programmers neither use nor know about: NimzaLoader is written in a programming language called Nim. It is rare for experienced cyber criminals to use Nim to write malware. Security experts assume Nim was chosen in order to make the malware harder for anti-virus software to detect.
A prolific group of cyber criminals that has distributed malware in the past has chosen a new disguise to hide behind. The group, known for its multiple malware families, released the new malware written in Nim in order to make it more difficult to analyze and detect. NimzaLoader is designed to open a backdoor on Windows computers and execute commands in the background. This gives the criminals remote control of the computers, which they use to steal sensitive information and deploy additional malware.
The malware is thought to come from a group called TA800. TA800 is an active hacking operation that has in the past targeted businesses across North America. The same group is believed to be behind BazarLoader, a form of trojan malware. BazarLoader was able to compromise Windows computers, gain access, and deliver ransomware attacks.
Both BazarLoader and NimzaLoader are propagated using phishing emails. The emails contain enough personal information that the recipient trusts them, clicks the link and/or attachment, and installs the malware locally on their computer. These targeted emails are sophisticated enough to incorporate the user's personal details, including their work email address. Because the messages appear to be work related, users let their guard down and inadvertently download the malware by clicking the links or attachments.
The email templates and the delivery mechanism behind NimzaLoader are consistent with previous TA800 phishing campaigns. Adding a new programming language to the mix increases the likelihood that the malware will go undetected. Businesses are advised to harden their networks and deploy tools that prevent malicious and phishing emails from reaching their employees' mailboxes. At the same time, employees must be trained to distinguish a genuine work related email from a fake phishing email.