Since the first Nymaim case was detected in 2013, more than 2.8 million cases of infection have been recorded through its "kill chain" mechanism and detection-avoidance techniques. In the first half of 2016, ESET again noted a significant increase in Nymaim detections.
Affecting mainly Poland (54% of its detections), Germany (16%) and the United States (12%), the renewed variant was detected as Win32/TrojanDownloader.Nymaim.BA, reappearing as an integrated spear-phishing campaign with a malicious attachment (Word .doc) containing misleading macros. The approach used to bypass the default security settings of Microsoft Word through social engineering mechanisms is quite convincing in English versions of MS Word.
"With advanced techniques to avoid detection, and anti-VM, anti-debugging and control flow capabilities, this downloader, which functions in two stages transporting ransomware as a final payload, has now evolved and is being used to transport spyware," says Cassius de Oliveira Puodzius, Security Researcher at ESET Latinoamerica.
In April, the specific version was joined by a hybrid variant of Nymaim and Gozi, targeting financial institutions in North America, while it also spread to Latin America, mainly Brazil. This variant has given cybercriminals the possibility of remote access to the compromised computers, instead of the usual results of file encryption or locking.
Because of the similarities between targets in countries with high and low detection rates, we can be reasonably confident that financial institutions are at the heart of this campaign.
"The full recording of this threat is still ongoing. However, if you suspect that your computer or your network has been compromised, we recommend that you check that the IP addresses and URLs listed in the articles are not in the firewall and in connections with the proxy server. In any case, a prevention strategy against the threat can be applied by blacklisting on the firewall the IPs that this malware has contacted, and the URLs on the proxy, if your network supports this sort of filtering," concludes Puodzius.
The full analysis is available on ESET's informational blog, WeLiveSecurity.com.