Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. Written in English and carrying ZIP files full of the malware – or links to such ZIP files – the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from the initial x86 version to the latest: an x86-64 version. They also ditched the fake command-and-control servers (C2s, aka C&Cs) that were found in the earlier configuration and which were likely there to complicate malware analysis, researchers said.

In an advisory posted on Thursday, Kaspersky researchers said that they spotted the new spam campaigns – both of which were designed to deliver banking trojans – in mid-March. Most of the payloads the researchers collected were IcedID (Trojan-Banker.Win32.IcedID), but they also came across a few samples of the Qbot banking trojan (Backdoor.Win32.Qbot, aka QakBot).

The primarily IcedID-flavored campaigns were coming in at a fever pitch: campaign spikes hit more than 100 detections a day. That’s in keeping with another widespread IcedID email campaign that pelted targets in April, when rigged Microsoft Excel attachments and Excel 4 macros were dumping IcedID at high volumes. At the time, it looked like the IcedID trojan was stepping in to fill the void left by Emotet after that malware was knocked offline in January.

IcedID (aka BokBot) is similar to Emotet in that it’s a modular malware that started life as a banking trojan, initially used to…
Spam Downpour Drips New IcedID Banking Trojan Variant (syndicated by govanguard, 2021-06-24 21:05)