Microsoft's Malware Protection Center has identified a new wave of NSIS (Nullsoft Scriptable Install System) installers that seek to evade detection by burying malware deeper in the code. The changes have been seen in installers that drop ransomware like Cerber, Locky, and others. The installers try to look as normal as possible by incorporating non-malicious components that usually appear in legitimate installers. These components include more non-malicious plugins in addition to the installation engine system.dll; a .bmp file that serves as a background image for the installer interface, to mimic legitimate ones; and a non-malicious uninstaller component, uninst.exe. The…