Spam Downpour Drips New IcedID Banking Trojan Variant
2021-06-25 01:05

Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns.

The spam carries ZIP files full of the malware, or links to such ZIP files. The new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from the initial x86 version to the latest: an x86-64 version.

Most of the payloads the researchers collected were IcedID, but they also came across a few samples of the Qbot banking trojan.

That's in keeping with another widespread IcedID email campaign that pelted targets in April, when rigged Microsoft Excel attachments and Excel 4 macros were dumping IcedID at high volumes.

At the time, it looked like the IcedID trojan was stepping in to fill the void left by Emotet after the malware got slapped offline in January; besides being a banking trojan, IcedID is increasingly used as a dropper for other malware.

Besides the spike in infection attempts, the IcedID variant has also been outfitted with a new downloader.


News URL

https://threatpost.com/spam-icedid-banking-trojan-variant/167250/