New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide (Security News, November 2022)
An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world.
IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license.
It's chiefly employed to download and execute additional malware on breached hosts.
IceXLoader is traditionally distributed through phishing campaigns, with emails containing ZIP archives functioning as a trigger to deploy the malware.
In the attack sequence detailed by Minerva Labs, the ZIP file has been found to harbor a dropper, which drops a .NET-based downloader that, as the name implies, downloads a PNG image from a hard-coded URL. This image file, itself another dropper, is subsequently converted into an array of bytes, which is then decrypted and injected as IceXLoader into a new process using a technique called process hollowing.
Among the commands the loader supports are the ability to restart the malware loader, uninstall it, and halt its execution.
News URL: https://thehackernews.com/2022/11/new-icexloader-malware-loader-variant.html