Electronic Commerce Industry with the GuLoader Malware, Which Utilizes Dangerous NSIS Executables

Published at : 08 Feb 2023 12:50 PM (IST)

According to findings published by the cybersecurity company Trellix late last month, ongoing GuLoader malware campaigns have targeted the e-commerce sectors in both South Korea and the United States.

It is noteworthy that the malspam activity has shifted from using malicious Microsoft Word documents to using NSIS executable files as the vector for spreading the malware. Germany, Saudi Arabia, Taiwan, and Japan are among the other countries targeted as part of the campaign.

Nullsoft Scriptable Install System, more often known by its acronym NSIS, is a script-driven, open-source tool used to build installers for the Windows operating system.

In 2021, attack chains made use of a ZIP archive containing a Word document with embedded macros, which dropped an executable file tasked with loading GuLoader. In contrast, the most recent phishing wave uses NSIS files embedded within ZIP or ISO images to trigger the infection.
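As an added defender-side example (not code from Trellix or from the article), the following Python script triages ZIP attachments of the kind described above: it flags members that look like Windows PE files carrying the NSIS first-header marker (the 0xDEADBEEF signature followed by the magic "NullsoftInst"). The sample archive and its stand-in installer are constructed inline; the ISO variant of the lure would need an ISO-9660 parser and is not covered here.

```python
import io
import struct
import zipfile

# Marker that NSIS writes into every installer's "first header": the 0xDEADBEEF
# signature (little-endian on disk) followed by the 12-byte magic "NullsoftInst".
NSIS_MARKER = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"


def is_nsis_executable(data: bytes) -> bool:
    """Heuristic: an MZ/PE file that contains the NSIS first-header marker anywhere
    (NSIS appends its archive to the PE, so the marker lives in the overlay)."""
    return data[:2] == b"MZ" and NSIS_MARKER in data


def find_nsis_in_zip(zip_bytes: bytes, max_member_size: int = 50 * 1024 * 1024) -> list:
    """Return names of ZIP members that are NSIS-built executables.

    Members larger than max_member_size are skipped rather than decompressed (zip-bomb
    guard); encrypted members are reported by name so they are not silently ignored.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > max_member_size:
                continue
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                hits.append(info.filename + " (encrypted, uninspected)")
                continue
            with zf.open(info) as fh:
                if is_nsis_executable(fh.read()):
                    hits.append(info.filename)
    return hits


def build_sample_zip() -> bytes:
    """Constructed sample archive: a benign text file plus a stand-in 'installer'.
    The stand-in is NOT a real PE, only an MZ stub followed by the NSIS marker."""
    fake_nsis = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 256 + NSIS_MARKER + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "Please see the attached order confirmation.")
        zf.writestr("Order_Confirmation.exe", fake_nsis)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_nsis_in_zip(build_sample_zip()))
```

The marker check is a triage heuristic, not proof of malice: legitimate software ships NSIS installers too, so a hit should route the attachment to sandboxing or manual review rather than be treated as a verdict.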

According to a statement by Trellix researcher Nico Paulo Yturriaga, “Embedding malicious executable files in archives and photos might assist threat actors in eluding detection.”

It is speculated that over the course of 2022, the NSIS scripts used to distribute GuLoader became more sophisticated, adding further obfuscation and encryption layers in order to disguise the shellcode.

This new development is also indicative of a larger shift within the threat landscape: an increase in the use of alternative malware distribution methods as a direct result of Microsoft’s decision to disable macros in Office files downloaded from the internet.

According to Yturriaga’s observation, “the movement of GuLoader shellcode to NSIS executable files is a remarkable example that shows the inventiveness and tenacity of threat actors to elude detection, hinder sandbox analysis, and block reverse engineering.”
