Proofpoint cybersecurity researchers found that TA800, a cybercriminal group that targets industries in North America, is distributing the NimzaLoader malware, according to ZDNet.
The malware is believed to have been written in Nim, a rarely used programming language, to evade analysis and detection. NimzaLoader gives attackers access to and control over infected Windows computers, allowing them to steal sensitive information or deploy additional malware.
“TA800 has often leveraged different and unique malware, and developers may choose to use a rare programming language like Nim to avoid detection, as reverse engineers may not be familiar with Nim's implementation or focus on developing detection for it, and therefore tools and sandboxes may struggle to analyse samples of it,” said Sherrod DeGrippo, senior director of Proofpoint's threat research and detection.
Like the BazarLoader trojan, NimzaLoader is distributed via phishing emails that trick potential victims into running a fake PDF downloader, which then downloads the malware onto their computers.
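The point DeGrippo makes above is that analysis tooling tends to lag behind an uncommon compiler, so samples built with it draw less attention. One cheap way to close part of that gap is a triage heuristic that flags Windows executables which appear to be Nim-compiled, so an analyst looks at them rather than letting a sandbox quietly time out on them. The following is an added example written for this page; it is not Proofpoint's code, not from the article, and the indicator strings are an assumption based on names the Nim compiler and runtime emit (entry-point and stack-frame symbols, standard-library module file names), not indicators published for NimzaLoader.

```python
"""Triage heuristic: flag PE files that look Nim-compiled.

Added example, not code from Proofpoint or the article. The indicator
strings below are an assumption drawn from symbols and module names the
Nim toolchain typically leaves in a binary; validate them against your
own corpus before relying on them, and treat a hit as "worth an
analyst's attention", not as a malware verdict (Nim has legitimate uses).
"""
import sys
from dataclasses import dataclass, field

# Assumed indicators (see module docstring): Nim runtime symbols and
# standard-library source file names that commonly survive in builds.
NIM_INDICATORS = [
    b"NimMain",              # generated entry point
    b"nimFrame",             # runtime stack-trace bookkeeping
    b"popFrame",
    b"nim_program_result",
    b"system.nim",           # stdlib module names embedded in error paths
    b"fatal.nim",
    b"io.nim",
    b"alloc.nim",
]


@dataclass
class Verdict:
    is_pe: bool
    hits: list = field(default_factory=list)
    likely_nim: bool = False


def is_pe(data: bytes) -> bool:
    """Check for an MZ header and the PE\\0\\0 signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def nim_indicators(data: bytes) -> list:
    """Return the indicator strings present in the raw file bytes."""
    return [s.decode() for s in NIM_INDICATORS if s in data]


def triage(data: bytes, threshold: int = 3) -> Verdict:
    """Flag a file as likely Nim-compiled when it is a PE and enough
    distinct indicators are present. `threshold` is a tuning knob."""
    pe = is_pe(data)
    hits = nim_indicators(data)
    return Verdict(is_pe=pe, hits=hits, likely_nim=pe and len(hits) >= threshold)


def constructed_sample(nim: bool) -> bytes:
    """Constructed test input (not a real sample): a stub MZ/PE header
    followed by NUL-separated strings of the kind a strings dump shows."""
    header = b"MZ" + b"\x00" * (0x3C - 2) + (0x40).to_bytes(4, "little")
    header += b"PE\x00\x00" + b"\x00" * 20
    if nim:
        body = b"\x00".join([b"NimMain", b"nimFrame", b"system.nim",
                             b"io.nim", b"fatal.nim"])
    else:
        body = b"\x00".join([b"mainCRTStartup", b"kernel32.dll",
                             b"GetProcAddress"])
    return header + body


if __name__ == "__main__":
    # Usage: python nim_triage.py <file>   (or no argument to run the
    # constructed samples above)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print("nim-like:", triage(constructed_sample(True)))
        print("plain:   ", triage(constructed_sample(False)))
```

The check deliberately works on raw bytes rather than a parsed import table, because the goal is a fast first pass over an inbox of attachments; anything it flags still needs proper analysis, and a packed or string-stripped build will evade it, so keep the threshold low and pair it with behavioural detection.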
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.