The article talks about droppers and loaders. The malware could be some binary 
catted to a txt file then encrypted and hidden in something else which gets 
unpacked by the dropper, or it might be downloaded at a later stage from 
elsewhere. The Nim code could be delivered uncompiled and the user is tricked 
into building it after downloading it, then that installs the real malware. 
That sort of thing is about misdirection and doing things in unusual ways that 
haven't been done before, so a lesser-known language is ideal to make an 
innocent-looking "installer" app.
