GuLoader Malware Using Malicious NSIS Executable to Target E-Commerce Industry

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month.

The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, Taiwan and Japan.

NSIS, short for Nullsoft Scriptable Install System, is a script-driven open source system used to develop installers for the Windows operating system.

While attack chains in 2021 leveraged a ZIP archive containing a macro-laced Word document to drop an executable file tasked with loading GuLoader, the new phishing wave employs NSIS files embedded within ZIP or ISO images to activate the infection.

"Embedding malicious executable files in archives and images can help threat actors evade detection," Trellix researcher Nico Paulo Yturriaga said.

ms.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top