IcedID Trojan Rebooted with New Evasive Tactics
2020-08-18 12:56

Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections.

Attackers have implemented several new features - including a password-protected attachment, keyword obfuscation and minimalist macro code - in a recent phishing campaign using documents trojanized by the widely used banking trojan IcedID, according to a new report by Juniper Networks security researcher Paul Kimayong.

Kimayong's report details an example of the new IcedID campaign and its evasive tactics from a compromise of PrepNow.com, a private, nationwide student tutoring company that operates in a number of U.S. states.

If victims open the attachment, the campaign then launches a three-stage attack to unleash the IcedID trojan, Kimayong wrote.


News URL

https://threatpost.com/icedid-trojan-rebooted-evasive-tactics/158425/