
Windows breaks under upgraded IceXLoader malware
2022-11-10 04:46

A malware loader deemed in June to be a "Work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs. IceXLoader version 3 was discovered in the summer by Fortinet's FortiGuard Labs, which wrote that the malware's features were incomplete and it appeared to have been ported to the Nim programming language.

IceXLoader was originally sold on the dark web for $118 per lifetime license by a group of developers that also sells other commodity malware and claims to have more than 200 clients, FortiGuard wrote.

IceXLoader contacts the C2 server for further orders and additional malware can be deployed to the compromised system.

According to FortiGuard, version 1.0 of IceXLoader was used to distribute the DCRat - or Dark Crystal RAT - data exfiltration malware while version 3.0 distributed a Monero cryptocurrency miner.

IceXLoader has a number of features designed to evade detection - including obfuscating the code, not running inside Microsoft Defender's emulator, and executing PowerShell with an encrypted command that delays execution of the malware for 35 seconds to avoid sandboxes.
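The sandbox-delay trick described above is visible to defenders in process-creation telemetry: a PowerShell launch whose encoded command, once decoded, begins with a long `Start-Sleep`. The following is an added detection example written for this page, not code from the article, FortiGuard, or the malware. It assumes the encoded command uses PowerShell's standard Base64-of-UTF-16LE `-EncodedCommand` form (the article only says "encrypted"), uses a 30-second threshold chosen here as a heuristic, and runs over constructed sample command lines. It goes slightly beyond the article by also handling the `-Milliseconds` form of the delay.

```python
import base64
import binascii
import re

# Matches PowerShell's encoded-command switch (full and short spellings)
# and the Base64 blob that follows it.
ENCODED_SWITCH = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Matches Start-Sleep with an optional unit switch and a numeric argument,
# e.g. "Start-Sleep -Seconds 35", "Start-Sleep -s 35", "Start-Sleep -Milliseconds 40000".
SLEEP_CALL = re.compile(
    r"Start-Sleep(?:\s+-(?P<unit>s|seconds|m|milliseconds))?\s+(?P<n>\d+)",
    re.IGNORECASE,
)


def decode_encoded_command(cmdline: str):
    """Return the script carried by an -EncodedCommand argument, or None if absent or undecodable."""
    m = ENCODED_SWITCH.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def longest_sleep_seconds(script: str) -> float:
    """Largest Start-Sleep delay found in the script, in seconds (0.0 if there is none)."""
    longest = 0.0
    for m in SLEEP_CALL.finditer(script):
        n = int(m.group("n"))
        unit = (m.group("unit") or "s").lower()
        seconds = n / 1000.0 if unit.startswith("m") else float(n)
        longest = max(longest, seconds)
    return longest


def analyze(cmdline: str, min_delay: float = 30.0):
    """Flag an encoded PowerShell command whose longest sleep reaches min_delay seconds."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return None
    delay = longest_sleep_seconds(script)
    if delay < min_delay:
        return None
    return {"delay_seconds": delay, "script": script}


def scan(lines, min_delay: float = 30.0):
    """Run analyze() over process-creation command lines; return (line index, finding) pairs."""
    return [(i, f) for i, line in enumerate(lines) if (f := analyze(line, min_delay)) is not None]


def _ps_encode(script: str) -> str:
    """Helper used only to build the constructed sample: the UTF-16LE + Base64 form -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation command lines (not from the article or any real capture).
SAMPLE_LOGS = [
    "powershell.exe -NoProfile -Command Get-Service spooler",                     # no encoded command
    "powershell.exe -enc " + _ps_encode("Start-Sleep -Seconds 2; Get-Process"),    # short, benign pause
    "powershell.exe -w hidden -EncodedCommand "
    + _ps_encode("Start-Sleep -Seconds 35; Write-Host ready"),                     # 35 s delay, as described
    "powershell.exe -e " + _ps_encode("Start-Sleep -Milliseconds 40000; whoami"),  # same idea in milliseconds
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_LOGS):
        print(f"line {idx}: sleeps {finding['delay_seconds']:.0f}s before -> {finding['script']!r}")
```

On the sample above, only the last two lines are flagged (35 s and 40 s); the 2-second pause is below the threshold. Legitimate automation also sleeps, so in practice this signal is best combined with other context from the same event, such as a hidden window, an unusual parent process, or a user-writable execution path, rather than used alone.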

"The [IceXLoader] developers market their loader as FUD, a common term used within malware hacking forums to denote malware that can bypass antivirus products," FortiGuard researchers wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/10/icexloader_malware_microsoft_users/