GuLoader is a type of malware that uses malicious NSIS (Nullsoft Scriptable Install System) executables to target the e-commerce industry.
NSIS is a popular open-source tool used to create Windows installers, and GuLoader abuses this tool to deliver malicious payloads to unsuspecting victims.
The malspam campaign has shifted from malware-laced Microsoft Word documents to NSIS executable files as the vehicle for loading the malware. The countries targeted are the US, South Korea, Germany, Saudi Arabia, Taiwan, and Japan.
According to Trellix: ‘GuLoader isn’t new, but the increased obfuscation as a result of distribution in NSIS executable files showcases threat actors’ creativity and persistence.’
What GuLoader does
Once the malicious NSIS executable is installed on a victim’s machine, it can carry out various malicious activities, such as downloading and executing additional malware, stealing sensitive information, and compromising the security of the infected device.
In the context of the e-commerce industry, GuLoader is often used to steal payment card data, login credentials, and other sensitive information from online shoppers.
What can you do to prevent the GuLoader attack?
It is important for individuals and organizations in the e-commerce industry to be aware of the threat posed by GuLoader and to take steps to protect themselves.
This includes keeping software and operating systems up to date, avoiding suspicious downloads and attachments, and using robust security software to detect and block malicious activity.
Moreover, it is important to be vigilant when shopping online, and to use only trusted websites and payment methods, to reduce the risk of being targeted by this or other types of malware.
Trellix puts it this way: ‘The migration of GuLoader shellcode to NSIS executable files is a notable example to show the creativity and persistence of threat actors to evade detection, prevent sandbox analysis and obstruct reverse engineering.’
Concluding Thoughts
Intruders will eventually break into your systems, putting your online presence at risk. The goal here is to promote awareness of security threats and of the emerging hacking techniques and technologies behind them. It is always better to prevent cyber threats than to remediate them after they hit you.