The earliest versions of malware in this family were loaders. They downloaded country-specific programs, intended to block computer use, onto the victim computer. Other versions of Trojan.Win32.Nymaim malware were found later.
The newer variants incorporate Gozi, a Trojan used to steal online banking information from user computers.
Features of this malware family include:
Geographical distribution of attacks by the Trojan.Win32.Nymaim family
Geographical distribution of attacks during the period from 03 June 2015 to 03 June 2016
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware