Electronic Commerce Industry with the GuLoader Malware, Which Utilizes Dangerous NSIS Executables

Published at: 08 Feb 2023 12:50 PM (IST)

According to information disclosed by the cybersecurity company Trellix late last month, ongoing GuLoader malware campaigns have targeted the e-commerce sectors in both South Korea and the United States.

Notably, the malspam activity has shifted from malicious Microsoft Word documents to NSIS executable files as the vector for spreading the malware. Germany, Saudi Arabia, Taiwan, and Japan are among the other countries targeted as part of the campaign.

Nullsoft Scriptable Install System, better known by its acronym NSIS, is a script-driven, open source tool used to build installers for the Windows operating system.

In 2021, attack chains used a ZIP archive containing a Word document with embedded macros to drop an executable that was tasked with loading GuLoader. In contrast, the most recent phishing wave uses NSIS files embedded within ZIP archives or ISO images to trigger the infection.
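One defensive check the shift described above suggests is scanning inbound archives for members that are NSIS-built executables. The following is an added example, not code from the article or from Trellix; it assumes the stdlib `zipfile` module, handles ZIP only (ISO images would need an ISO9660 reader), and uses the `NullsoftInst` first-header magic that every NSIS-built installer carries, so a hit marks a file for review rather than proving it malicious. The archive it inspects is constructed inline.

```python
import io
import struct
import zipfile

# NSIS first-header magic; present in every NSIS-built installer, so it is a
# coarse indicator (legitimate installers match too): flag for review, not block.
NSIS_MAGIC = b"NullsoftInst"

def is_pe(data: bytes) -> bool:
    """Cheap PE check: 'MZ' stub plus a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def looks_like_nsis(data: bytes) -> bool:
    """True when the blob is a PE image that carries the NSIS first-header magic."""
    return is_pe(data) and NSIS_MAGIC in data

def flag_nsis_in_zip(zip_bytes: bytes) -> list:
    """Return the names of ZIP members that look like NSIS-built executables."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if looks_like_nsis(zf.read(info)):
                flagged.append(info.filename)
    return flagged

def _fake_pe(with_nsis_magic: bool) -> bytes:
    """Constructed minimal PE-shaped blob (not a real executable) for the demo."""
    header = bytearray(0x44)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    header[0x40:0x44] = b"PE\0\0"
    body = b"\x00" * 16
    if with_nsis_magic:
        body += b"\xef\xbe\xad\xde" + NSIS_MAGIC  # 0xDEADBEEF siginfo + magic
    return bytes(header) + body

def build_sample_archive() -> bytes:
    """Constructed sample: one text file, one plain PE, one NSIS-like PE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed benign attachment")
        zf.writestr("tool.exe", _fake_pe(False))
        zf.writestr("order_details.exe", _fake_pe(True))
    return buf.getvalue()
```

Calling `flag_nsis_in_zip(build_sample_archive())` returns only `order_details.exe`; the plain PE and the text file pass through unflagged.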

According to a statement by Trellix researcher Nico Paulo Yturriaga, “Embedding malicious executable files in archives and photos might help threat actors elude detection.”

It is speculated that over the course of 2022 the NSIS scripts used to distribute GuLoader became more sophisticated, adding further obfuscation and encryption layers to disguise the shellcode.

This development also reflects a larger shift in the threat landscape: the use of alternative malware distribution methods has increased as a direct result of Microsoft’s decision to disable macros in Office files downloaded from the internet.

According to Yturriaga’s observation, “the movement of GuLoader shellcode to NSIS executable files is a remarkable example that shows the inventiveness and tenacity of threat actors to elude detection, hinder sandbox analysis, and block reverse engineering.”
