New unknown version of Nymaim malware discovered
New unknown version of Nymaim malware discovered

Researchers Moshe Zioni and Oren Biderman from Verint's Cyber-Research team have discovered an unknown variant of the Nymaim malware family.

The family is a group of malwares  capable of downloading various malicious payloads onto the affected device, ranging from Ransomware to Banking Trojans.

Nymaim was prevalent in 2013 but has recently re-emerged.

Nymaim's popularity significantly dropped in the years that followed its initial appearance. However, there has been a significant increase in the number of attacks seen over the past 6 months (specifically, a 63% increase in attacks compared to 2015).

In the past, it seems the vast majority of attacks were associated with file encoding malware as the final payload but Verint has stressed that Nymaim has a method of delivering multiple types of malicious payload.

Verint said in a blogpost, “As can only be expected in the current cyber-landscape, the new variant of Nymaim possesses an arsenal of new features and capabilities that have not yet been seen, including new delivery mechanisms, obfuscation methods, PowerShell usage and even an interesting form of ‘anti-security solution/analysis' blacklisting.”

Unlike the 2013 version, which was distributed via drive-by-downloads as the victims visited compromised websites, the new reincarnation has been shown to use a different vector of attack. Spear phishing campaigns, with emails containing a malicious Microsoft Word .DOC file as an attachment, are used to socially engineer victims into initiating the infection.

While perhaps not the most alarming finding Verint's research team has ever seen, this Nymaim variant serves as substantial evidence of two significant trends:

First, “The re-emergence and evolution of the Nymaim family. Our discovery shows that not only is the malware family definitely back in action, it has gone through some dramatic changes meaning that it deserves renewed attention.”

Second, “This is another perfect example of how even relatively widespread threats are employing significantly more advanced methods of attack, distribution and obfuscation that not that long ago, would have been found in only the most advanced and targeted threats. This trend is just getting stronger and means that ‘advanced' threats will continue to affect a wider range of victims than ever before.”