A new iteration of the Nymaim malware family has surfaced that upgrades the code to keep security tools from locating it, according to the cyber research team at Verint.
The malware, which originally surfaced in 2013, delivers various malicious payloads used in ransomware attacks and banking trojans, and it has continually outmaneuvered security teams by altering its code to escape detection. While it went quiet for a time, it has resurfaced over the past six months stronger than ever with a 63 percent rise in attacks over 2015.
The latest version detected by Verint has never-before-seen features, particularly new delivery mechanisms, obfuscation strategies, the use of PowerShell, and blacklisting that learns how a targeted computer communicates with the internet and subsequently checks query results for the names of popular security defenses.
Unlike previous versions, which arrived via drive-by downloads, the new version arrives in spear-phishing campaigns that target high-level managers with emails carrying a malicious Word document as an attachment.