TA800 targets individuals with tailored phishing emails. (Source: Proofpoint) An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint. “TA800 has predominantly used BazaLoader since April of 2020, but on February 3, 2021 they distributed this new malware we are calling NimzaLoader,” says Sherrod DeGrippo, senior director of Proofpoint's threat research and detection team. “This malware is exclusive to TA800, and we've only seen it distributed once. This could be a sign of more to come.” Lewis Jones, threat intelligence analyst at cybersecurity company Talion, notes: "The use of Nim is uncommon for malware in the threat landscape. However we have recently seen a Nim-based downloader used by the Zebrocy threat group. It is likely that the threat actors are switching to Nim to avoid detection by defense teams who may not be familiar with the language."