Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Two New IcedID Campaigns Making Rounds in the Wild

Published

A new variant of the IcedID banking trojan has been discovered that spreads via two new spam campaigns. These campaigns are hitting more than 100 detections a day.

What happened?

In mid-March, researchers from Kaspersky observed two new spam campaigns, in which the messages were written in English and had ZIP attachments or links leading to ZIP files.

  • The first campaign, named DotDat, was spreading ZIP attachments that claimed to be some sort of compensation claims or canceled operation with the names in a specific format.
  • The ZIP archives include a malicious MS Excel file with the same name. It downloads a malicious payload via a macro from a URL with the following format [host]/[digits].[digits].dat and runs it.
  • In the second campaign, spam emails included links to hacked websites with malicious archives named documents[.]zip0, doc-XX[.]zip, document-XX[.]zip where XX stands for two random digits.
  • Similar to the first campaign, the archives included an Excel file with a macro that downloaded the IcedID downloader. This spam campaign peaked in March and by April it slowed down.

The IcedID malware

IcedID consists of two parts: a downloader that sends some user information to the C&C and receives the main body, and the main body that is distributed as a shellcode hidden into a PNG image.

  • Moreover, IcedID authors changed the downloader. In the new version, attackers moved from x86 to an x86-64 version and removed fake C2s from the configuration.
  • In March, the largest number of users targeted by Ligooc (IcedID downloader) were spotted in China (15.88%), India (11.59%), Italy (10.73%), the U.S. (10.73%), and Germany (8.58%).

Conclusion

Along with increased infection attempts, IcedID operators made some modifications to the downloader as well. This suggests that attackers are improving and probably coming up with a new plan to target users globally. The best way to stay protected from such threats is to stay alert while receiving emails from unknown senders.

Source: https://cyware.com/news/two-new-icedid-campaigns-making-rounds-in-the-wild-93868644

In this article:, , , ,
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Weaponized Telegram App Infected Over 60K Android Users

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

September 11, 2023

Cyber Security

AttackCrypt: A Payload Encryptor That Allows Malware to Evade Antivirus Scanners

AttackCrypt, an open-source “crypter,” was recently used by cybercriminals to hide malware binaries and avoid antivirus detection. A crypter is a kind of software that can...

September 5, 2023

Cyber Security

Threat and Vulnerability Roundup for the week of August 27th to September 2nd

We are glad to present the most recent news on cybersecurity in this week’s Threat and Vulnerability Roundup from Cyber Writes.  The latest attack...

September 2, 2023

Cyber Security

Chinese hackers targeted government entities and thwarted recovery efforts, report says

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

August 30, 2023

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO