Researchers Spotted Malware Written in Nim Programming Language
2021-03-17 04:10

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing new malware written in the Nim programming language.

Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.

"Malware developers may choose to use a rare programming language to avoid detection, as reverse engineers may not be familiar with Nim's implementation, or focused on developing detection for it, and therefore tools and sandboxes may struggle to analyze samples of it," the researchers said.

While APT28 has been previously linked to delivering Zebrocy malware using Nim-based loaders, the appearance of NimzaLoader is yet another sign that malicious actors are constantly retooling their malware arsenal to avoid detection.

Proofpoint's findings have also been independently corroborated by researchers from Walmart's threat intelligence team, who named the malware "Nimar Loader."

Once opened, the malware is designed to provide the attackers with access to the victim's Windows systems, alongside capabilities to execute arbitrary commands retrieved from a command-and-control server - including executing PowerShell commands, injecting shellcode into running processes, and even deploying additional malware.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/vfLSeMs-hIk/researchers-spotted-malware-written-in.html