Trojan.Win32.Nymaim

Detect Date 06/03/2016
Class Trojan
Platform Win32
Description

The earliest versions of malware in this family were loaders. They downloaded country-specific programs onto the victim computer that were intended to block its use. Other versions of Trojan.Win32.Nymaim malware were found later.

The newer variants incorporate Gozi, a Trojan used to steal online banking information from user computers.

Features of this malware family include:

  • Strong obfuscation of malicious code
  • RC4 traffic encryption with garbage data added for masking purposes
  • DNS spoofing
  • [some variants] Domain Generation Algorithm (DGA) use for hiding the IP address of the cyberattacker’s server

Top 10 countries with most attacked users (% of total attacks)

Rank  Country         % of users attacked worldwide*
1     Germany         97.38
2     USA             0.46
3     Poland          0.35
4     Austria         0.26
5     China           0.21
6     Switzerland     0.21
7     France          0.12
8     Italy           0.10
9     United Kingdom  0.10
10    Netherlands     0.08

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware
