Researchers Moshe Zioni and Oren Biderman from Verint's Cyber-Research team have discovered a previously unknown variant of the Nymaim malware family.
Nymaim was prevalent in 2013 but has recently re-emerged.
Nymaim's popularity significantly dropped in the years that followed its initial appearance. However, there has been a significant increase in the number of attacks seen over the past 6 months (specifically, a 63% increase in attacks compared to 2015).
Verint said in a blog post, “As can only be expected in the current cyber-landscape, the new variant of Nymaim possesses an arsenal of new features and capabilities that have not yet been seen, including new delivery mechanisms, obfuscation methods, PowerShell usage and even an interesting form of ‘anti-security solution/analysis’ blacklisting.”
While perhaps not the most alarming finding Verint's research team has ever seen, this Nymaim variant serves as substantial evidence of two significant trends:
First, “The re-emergence and evolution of the Nymaim family. Our discovery shows that not only is the malware family definitely back in action, it has gone through some dramatic changes meaning that it deserves renewed attention.”
Second, “This is another perfect example of how even relatively widespread threats are employing significantly more advanced methods of attack, distribution and obfuscation that, not that long ago, would have been found in only the most advanced and targeted threats. This trend is just getting stronger and means that ‘advanced’ threats will continue to affect a wider range of victims than ever before.”