Latest FeedsTechnology NewsGuLoader Malware Using Malicious NSIS Executables to Target E-Commerce...

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry


Feb 06, 2023Ravie LakshmananCyber Attack / Endpoint Security

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry

E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month.

The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, Taiwan and Japan.

NSIS, short for Nullsoft Scriptable Install System, is a script-driven open source system used to develop installers for the Windows operating system.

While attack chains in 2021 leveraged a ZIP archive containing a macro-laced Word document to drop an executable file tasked with loading GuLoader, the new phishing wave employs NSIS files embedded within ZIP or ISO images to activate the infection.

“Embedding malicious executable files in archives and images can help threat actors evade detection,” Trellix researcher Nico Paulo Yturriaga said.

GuLoader Malware

Over the course of 2022, the NSIS scripts used to deliver GuLoader are said to have grown in sophistication, packing in additional obfuscation and encryption layers to conceal the shellcode.

The development is also emblematic of a broader shift within the threat landscape, which has witnessed spikes in alternative malware distribution methods in response to Microsoft’s blocking of macros in Office files downloaded from the internet.

“The migration of GuLoader shellcode to NSIS executable files is a notable example to show the creativity and persistence of threat actors to evade detection, prevent sandbox analysis and obstruct reverse engineering,” Yturriaga noted.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Please enter your comment!
Please enter your name here

Latest news

A completely new opening of the series from Deep Silver Volition literally from the first trailers quite strongly...
Mar 28, 2023Ravie LakshmananRansomware / Endpoint Security Multiple threat actors have been observed using two new variants of the...

Must read

Chinese Hackers Breach Middle East Telecom Providers

Mar 23, 2023Ravie LakshmananCritical Infrastructure Security Telecommunication providers in...