The new NimzaLoader malware is quite different from other malware. Security researchers claimed that it isn't written in the programming language usually used by hackers and cybercriminals to attack companies and businesses.
They explained that because its code is very different from what online attackers commonly use, the NimzaLoader malware is very hard to detect and defend against. According to ZDNet's latest report, this new malware is distributed by a cybercriminal hacking operation.
Why NimzaLoader is hard to detect
This new malware is specifically designed to give online attackers and other cybercriminals access to Windows computers. It can execute commands. Once it executes those commands, the hackers can steal sensitive information, control the victim's computer, or deploy additional malware.
Proofpoint, a security firm, was the first to discover this new malware. Here's what the company's researchers found:
- Doesn't use the same code flattening obfuscator
- Doesn't use the same RC4-based command and control (C&C) response decryption that uses dates as the key
- Doesn't use the same style of string decryption
- Doesn't use the same XOR/rotate based Windows API hashing algorithm
- Written in a completely different programming language
- Doesn't use a domain generation algorithm (DGA)
- Makes use of JSON in C&C communications
Who developed this new malware?
Proofpoint's researchers claimed that this new malware was developed by TA800, a hacking operation that targets a wide range of companies and businesses across North America. This group is also accused of developing a form of Trojan malware called BazarLoader.
Compared to the latest NimzaLoader, the previous BazarLoader creates a full backdoor on compromised Windows laptops and PCs. It is also well-known for delivering ransomware attacks.
However, these two computer viruses have one thing in common: they are both distributed using phishing emails that link potential victims to a fake PDF downloader.
This article is owned by TechTimes.
Written by: Giuliano de Leon.