Batu69
Posted July 13, 2016

Brazilians hit hard by recent wave of Nymaim malware

[Figure: Countries most affected by Nymaim infections in 2016]

Nymaim, a trojan first detected in 2011, seems to have come back to life, as the number of detections recorded in the first six months of 2016 has already surpassed the numbers seen in the entire past year.

If we are to categorize this trojan, Nymaim is a classic malware dropper, also called a malware loader. Nymaim's only purpose is to infect the system using some sort of method and then download other, more dangerous and intrusive malware. While crooks used to download all sorts of nasty viruses in the past, Nymaim is mostly known to deliver ransomware.

Nymaim is also half of the GozNym banking trojan

The trojan grabbed headlines again in April this year when a criminal group developed a new banking trojan that merged the source code of the infamous Gozi banking trojan with Nymaim's infection capabilities to create the virus known as GozNym.

According to security experts from ESET, ever since the start of the year, crooks have yet again turned to this trojan, which has been quietly dying since 2014. Infections grew month by month, targeting users all over the world, but making most victims in Poland (70 percent of all infections), Germany (18 percent), and the US (9 percent).

Recent Nymaim infections target Brazilians

Most recently, in the last month, ESET detected a vicious phishing campaign delivering Word documents that installed Nymaim when the user activated the document's macro feature. This campaign was aimed at users living in Brazil alone. This was also a particular detail since Nymaim usually infected users via drive-by downloads when visiting malicious websites.

These most recent payloads are detected as Nymaim.BA, and a security researcher (@matthewm on VirusTotal) has tied some of its distribution to a series of IPs, which he recommends system administrators to ban, in order to stop Nymaim infections.

[Figure: Nymaim infections in 2015 and 2016]