Nymaim is a downloader and ransomware family active since 2013 that has been repeatedly updated to deliver banking trojans, ransomware, and click-fraud payloads. Earlier Nymaim variants delivered Gozi banking trojan; later variants pivoted to ransomware. It uses heavy anti-analysis techniques including timing checks, environment fingerprinting, and packing.
This family has been observed using the following ATT&CK techniques: T1547.001 T1071.001
Nymaim is a downloader and ransomware family active since 2013 that has been repeatedly updated to deliver banking trojans, ransomware, and click-fraud payloads. Earlier Nymaim variants delivered Gozi banking trojan; later variants pivoted to ransomware. It uses heavy anti-analysis techniques including timing checks, environment fingerprinting, and packing.
Nymaim spread through exploit kits and as a downloader paired with the GozNym banking trojan campaigns.
Outbound traffic to unusual TLDs, GozNym banking injection on financial sites, and AV detections for Nymaim are diagnostic.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/nymaim.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.