This devious malware looks like it has a whole load of new tricks up its sleeve
Date:
Wed, 29 Mar 2023 18:03:40 +0000
Description:
Two new IcedID variants, named Forked and Lite, were seen lacking key
features of the malware, but that's no reason to get complacent.
FULL STORY ======================================================================
Two new variants of the infamous IcedID malware have been spotted; however, both lack certain distinctive features, leaving security experts curious as to their purpose.
Cybersecurity researchers from Proofpoint revealed that since February they have been tracking two versions of IcedID, one called Lite and the other called Forked.
Both come without the usual online banking fraud features, instead supposedly working more as a dropper for more elaborate campaigns.
Stealth malware tactics
Proofpoint says that it's seen at least three different hacking groups using these two versions across seven campaigns since late last year. Apparently, these groups have been using IcedID as a stepping stone toward ransomware infections.
Why exactly threat actors decided to strip IcedID of its unique features remains unclear, but some reports have suggested that removing unneeded functions makes it stealthier and leaner, helping cybercriminals stay hidden for longer.
The way IcedID is delivered to victims also differs. In some cases, the attackers would distribute phishing emails with Microsoft OneNote
attachments. In other cases, they'd use Emotet.
The researchers noted that the existence of two new variants does not mean
the original malware is no longer being used.
As recently as March 10, 2023, some threat actors still choose to deploy what Proofpoint calls the Standard variant. The researchers believe most threat actors will still opt for the standard variant, even though Lite and Forked might gain some popularity this year.
IcedID is an old, modular banking trojan, usually used to deploy stage-two malware. So far, cybersecurity researchers have seen it used in countless campaigns, mostly by access brokers to obtain, and later sell, access to high-value networks and endpoints.
One such group was TA551, a threat actor with no concrete ties to any nation-state. The group was seen selling access obtained via IcedID last April.
======================================================================
Link to news story:
https://www.techradar.com/news/new-icedid-variants-shift-from-bank-fraud-to-malware-delivery
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)