Also known as: JS.Nemucod, TrojanDownloader:JS/Nemucod, Nemucod!, Trojan.JS.NEMUCOD, W32/Nemucod
Variants: NemucodAES, Nemucod-7z, NemucodHTA
Damage potential: Malware infection, file corruption and loss, unauthorized access, data theft
Since Nemucod is a downloader for other malware, it doesn’t present many infection symptoms by itself. The most obvious symptoms will result from the secondary infection and will depend on the type of malware Nemucod has installed.
Look out for:
Files with strange extensions (.crypted).
Unfamiliar processes in the Task Manager.
Increased outbound network traffic, because Nemucod connects to remote servers to download payloads.
Malicious email activity. Since Nemucod often spreads through malicious email attachments, an infected machine might also send out spam or malicious emails to contacts.
Ransomware infection symptoms: encrypted personal files you can’t access, ransom notes, disabled security software.
Blocked security websites. Some malware aims to prevent you from accessing remediation tools online or information on how to remove it.
Unwanted pop-ups. Nemucod’s payload may include adware.
Sources of infection
Downloads. When you visit a malicious website, it may try to inject Nemucod into your system using unpatched vulnerabilities or social engineering techniques. If you download software from unofficial sources, it may contain all kinds of malware — including Nemucod.
Removable media. Sometimes, malware propagates through infected USB sticks or other removable media.
Compromised browser extensions. A less common source of infection: vulnerabilities in browser extensions can let Nemucod download malware.
Be wary of email attachments. Do not open email attachments if you do not know or trust the sender. Even if you do, contact the sender through another channel to confirm the email is legitimate whenever it seems suspicious.
Keep your software up to date. This is one of the most fundamental cybersecurity practices. Updates usually patch newly found vulnerabilities — install them as soon as possible!
Browse with caution. Do not click on suspicious links or download content from untrusted sources. If prompted to install or execute a file while browsing, make sure it’s safe before accepting.
Only download apps from trusted sources. Go to official app stores and websites to download apps or programs. Official platforms will take measures to ensure the downloads are safe and malware-free.
Use an antivirus. Use trusted antivirus software, keep it updated, and frequently scan your system for infections.
Back up. Back up your most sensitive data on an external drive or a secure cloud service.
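The advice on email attachments can also be checked automatically during mail triage. The sketch below is an added example, not part of the original page: it lists script files attached to a message either directly or inside a ZIP archive, without extracting or running anything. The `.js` and `.hta` types follow the JS.Nemucod and NemucodHTA names above; the other extensions, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types Windows runs on double-click. .js and .hta match the names
# on this page; the remaining extensions are an assumption.
SCRIPT_EXTS = (".js", ".jse", ".hta", ".wsf", ".vbs")

def is_script(name):
    return name.lower().endswith(SCRIPT_EXTS)

def risky_attachments(raw_eml):
    """Return (attachment, member) pairs for script files attached to a
    message, either directly or inside a ZIP attachment."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_script(name):
            findings.append((name, name))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Only member names are read; nothing is extracted or run.
                findings += [(name, m) for m in zf.namelist() if is_script(m)]
    return findings

def build_sample():
    """Constructed sample: a harmless .js placeholder inside a ZIP, plus a
    PDF-named attachment that must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_scan.doc.js", "// harmless placeholder")
        zf.writestr("readme.txt", "placeholder")
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in risky_attachments(build_sample()):
        print(f"quarantine {attachment}: contains {member}")
```

Python's standard library cannot read 7z archives, so attachments of the kind suggested by the Nemucod-7z variant name are not inspected here and would need a separate check.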