{
  "family": "nymaim",
  "sample_count": 756,
  "category": "loader",
  "description": "Nymaim is a downloader and ransomware family active since 2013 that has been repeatedly updated to deliver banking trojans, ransomware, and click-fraud payloads. Earlier Nymaim variants delivered Gozi banking trojan; later variants pivoted to ransomware. It uses heavy anti-analysis techniques including timing checks, environment fingerprinting, and packing.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Nymaim?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Nymaim is a downloader and ransomware family active since 2013 that has been repeatedly updated to deliver banking trojans, ransomware, and click-fraud payloads. Earlier Nymaim variants delivered Gozi banking trojan; later variants pivoted to ransomware. It uses heavy anti-analysis techniques including timing checks, environment fingerprinting, and packing."
      }
    },
    {
      "@type": "Question",
      "name": "How does Nymaim spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Nymaim spread through exploit kits and as a downloader paired with the GozNym banking trojan campaigns."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Nymaim infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Outbound traffic to unusual TLDs, GozNym banking injection on financial sites, and AV detections for Nymaim are diagnostic."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Nymaim on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1547.001",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}