Privacy Ninja

TrickBot’s BazarBackdoor Malware Is Now Coded In Nim To Evade Antivirus

TrickBot’s stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software.

The TrickBot cybercrime gang has been increasingly distributing its newer and stealthier BazarBackdoor malware through spam campaigns. Once a computer is infected, BazarBackdoor gives the threat actors remote access to it, which they use to spread laterally throughout a network.

BazarBackdoor phishing email

Last week, both cybersecurity firm Intezer and Advanced Intel’s Vitali Kremez analyzed a new sample of BazarBackdoor and discovered that the TrickBot gang ported it to the Nim programming language.

According to the programming language’s website, Nim takes its inspiration from Python, Ada, and Modula and can generate executables supported on Windows, macOS, and Linux.

“Nim is one of the very few programmable statically typed languages, and combines the speed and memory efficiency of C, an expressive syntax, memory safety and multiple target languages,” states the Nim website.

As it is rare to find malware developed using Nim, Kremez believes that the TrickBot gang ported BazarBackdoor to Nim to bypass detection by antivirus software.

“The backdoor component that is capable of command execution is written in NIM programming language to evade anti-virus detection. The crime group likely chose to pursue the lightweight malware development in Nim to frustrate anti-virus and detection mechanism focused on traditional binaries compiled in C/C++ style languages.”

“Not too long ago, Golang has become another preferred language of choice for some malware families including RobbinHood ransomware majorly due to the fact that many anti-virus products fail to process and characterize unconventional binaries as malware due to unique section and binary content introduced by the Nim and similar exotic languages,” Advanced Intel CEO Vitali Kremez told BleepingComputer in a conversation.

Other malware developed in Nim includes a ransomware family called XCry [VirusTotal], discovered by MalwareHunterTeam in 2019.

More recently, the Nim-coded DeroHE ransomware [VirusTotal] was used in an attack against IObit forum users.

Nim is not the only uncommon language recently used to create malware. Last month, Kremez found that the new Vovalex ransomware was written in the D programming language.
