Security News > 2023 > March > New IcedID variants shift from bank fraud to malware delivery
New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems.
Proofpoint has identified two new variants of the IcedID loader, namely "Lite" and "Forked", both delivering the same IcedID bot with a more narrow-focused feature set.
Starting in November 2022, the "Lite" variant of the IcedID loader was delivered as a second-stage payload on systems infected by the newly-returned Emotet malware.
It is important to note that while some threat actors use new variants of the IcedID malware, others still choose to deploy the "Standard" variant, with one of the most recent campaigns dating March 10, 2023.
The "Forked" IcedID loader is quite similar to the "Standard" version in terms of its role, sending basic host info to the C2 and then fetching the IcedID bot.
IcedID is generally used for initial access by threat actors, so developing new variants is a worrying sign, signifying a shift towards specializing the bot to payload delivery.