February 6, 2023Rabbi LakshmananCyber ​​Attack / Endpoint Security

South Korean and US e-commerce industries are on the receiving end of the ongoing GuLoader malware campaign, cybersecurity firm Trellix revealed late last month.

The malspam campaign is notable for moving from malware-laced Microsoft Word documents to NSIS executables for loading malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, Taiwan and Japan.

NSISstands for Nullsoft Scriptable Install System, a script-driven open source system used to develop installers for Windows operating systems.

While a series of attacks in 2021 utilized ZIP archives containing macro-laced Word documents to drop executables that loaded GuLoader, a new wave of phishing attempts to embed them in ZIP or ISO images. It uses the downloaded NSIS file to activate the infection.

“By embedding malicious executables in archives and images, attackers may help evade detection,” said Trellix researcher Nico Paulo Yturriaga. Said.

GuLoader malware

Over the course of 2022, the NSIS scripts used to deliver GuLoader are said to have become more sophisticated, incorporating additional obfuscation and encryption layers to hide the shellcode.

The development also marks a broader shift in the threat landscape, with another method of malware distribution proliferating in response to Microsoft’s blocking of macros in Office files downloaded from the Internet.

“Moving the GuLoader shellcode to an NSIS executable is a remarkable example of the creativity and persistence of attackers in evading detection, preventing sandbox analysis, and thwarting reverse engineering,” said Yturriaga. I’m here.

Did you find this article interesting?Please follow us twitter and LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog