Skip to main content

This Malware Might Be Undetectable To Some Antivirus Programs

By February 23, 2021May 11th, 2022Cybersecurity

For a time, a few months ago, it seemed like the gang behind the dreaded Trickbot network and malware was on the ropes. Law enforcement had rocked the group back on its heels and confiscated or shut down large swaths of its network and it appeared that the group wasn’t long for the world.

Rumors of their death, it seems, have been greatly exaggerated.

The gang has proved to be highly adaptive, and they’ve responded to the recent attacks made by law enforcement and IT security professionals by changing their game.

One of the most recent changes they’ve made is the rewrite of their BazarBackdoor malware. By rewriting the code in a little-known language called Nim, they’ve been able to make the malware even harder to detect. Vitali Kremez is the CEO of an internet security firm called Advanced Intel.

Kremez had this to say about the recent discovery:

“The backdoor component that is capable of command execution is written in NIM programming language to evade anti-virus detection. The crime group likely chose to pursue the lightweight malware development in Nim to frustrate anti-virus and detection mechanism focused on traditional binaries compiled in C/C++ style languages.

Not too long ago, Golang has become another preferred language of choice for some malware families including RobbinHood ransomware majorly due to the fact that many anti-virus products fail to process and characterize unconventional binaries as malware due to unique section and binary content introduced by the Nim and similar exotic languages.”

It’s also worth mentioning that BazarBackdoor isn’t the first malware to be written in Nim and other little-known languages. Researchers don’t stumble across many such examples but at least a few others are known to exist. For instance, in 2019 the MalwareHunterTeam found a ransomware strain called XCry written in Nim, and just last month, Advanced Intel discovered a new ransomware strain written in a programming language called “D.” Given that, it seems we have yet another new thing to worry about.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.