Tuesday , July 14 2026
Nymaim

BD CIRT detected over 27,000 Nymaim/Avalanche Malware related events in BD

There has been a sharp rise in malware linked to the Nymaim / Avalanche loader in Bangladesh. CIRT BD observed over 27,000 malware events, which means bad actors are trying to infect systems and there is ongoing contact with the botnet.

Figure: Detected Nymaim / Avalanche- Nymaim Malware Communications from Bangladesh IP Addresses, BD CIRT

Threat Overview

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

Nymaim (also known as Gozi ISFB Loader) is a multi-stage malware loader used to deploy additional malicious payloads, including:

Banking trojans
Credential stealers
Ransomware
Remote access tools (RATs)

The malware is highly adaptive, allowing attackers to update capabilities post-infection through command-and-control (C2) servers.

Key Findings in Bangladesh

27,000+ malware events detected
Activity across 20+ network providers (ASNs)
Multiple compromised hosts communicating with botnet servers
C2 communication captured via sinkhole monitoring

These signs show that there are infected devices in Bangladesh networks that are trying to reconnect with known harmful servers.

Targeted Data

Nymaim infections aim to steal sensitive information such as:

Banking credentials
Payment card data
System configuration details

This data is commonly used for

Financial fraud
Account takeovers
Identity theft
Secondary cyberattacks

Malware File Names Observed

Suspicious File Names:
update.exe
flashplayer_update.exe
svchost.exe
java_update.exe

Malicious Domains (examples):

g-update[.]net
secure-update[.]biz
update-service[.]org

Known Malicious IPs:
184.105.192[.]2
185.82.202[.]132
91.220.131[.]37

Behavioral Indicators:

Outbound HTTP/HTTPS traffic to unknown domains
Encrypted payload downloads
Activity in AppData/Temp directories

Organizations in Bangladesh are strongly advised to:

Block known malicious IPs and domains
Implement DNS sinkholing
Deploy Endpoint Detection & Response (EDR)
Monitor unusual DNS and HTTP traffic
Sandbox suspicious files and attachments
Continuously monitor networks for anomalies

Incident Response Guidance

If compromise is suspected:

Isolate affected systems immediately
Conduct full malware scans and forensic analysis
Reset all compromised credentials
Remove persistence mechanisms
Restore from secure backups

CIRT encourages to send reports of unusual behavior to: [email protected]

Check Also

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to …