The Nymaim trojan was initially detected in 2013 and, although its infection rates have varied over the past few years, its activity levels during the first half of 2016 have surpassed those in previous years. ESET researchers reported that Nymaim has caused 2.8 million infections, mainly targeting Poland, Germany, and the United States. After its initial infection, Nymaim’s main function is to funnel additional malware onto the infected system. This trojan is most known for infecting victims with ransomware, delivered through drive-by downloads and malicious links and email attachments. Nymaim has previously targeted individuals, hospitals, and the police. In 2013, Nymaim was discovered delivering ransomware distributed by the Blackhole exploit kit. In 2014, researchers discovered that machines infected with Nymaim were also infected with a range of other malware, including Vawtrak and Pony. Nymaim is one half of the joint Nymaim-Gozi trojan, GozNym, discovered in April of this year targeting North American financial institutions. In June, the trojan was discovered targeting Brazilian financial institutions in a phishing campaign with emails containing malicious macros in Word documents, eventually delivering ransomware to the victim.  


  • February 2016: Nymaim developments. (ProofPoint
  • June 2016: Nymaim phishing campaign targeting Brazilians. (InfoSecurity Magazine)
  • July 2016: Nymaim's increased activity in the first half of the year. (Softpedia)
  • October 2016: Nymaim Dropper Updates Delivery, Obfuscation Methods (Threatpost)

Technical Details 

  • Softpedia provides technical details on the Nymaim trojan, available here.
Image Source: Softpedia

Image Source: Softpedia