IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery
2023-03-28 12:08

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild. Both have reduced functionality: the code related to online banking fraud has been removed.

"The well-known IcedID version consists of an initial loader which contacts a Loader server, downloads the standard DLL Loader, which then delivers the standard IcedID Bot," Proofpoint said in a new report published Monday.

Also newly observed in February 2023 is a Forked variant of IcedID. Both these variants are designed to drop what's called a Forked version of IcedID Bot that leaves out the web injects and backconnect functionality that would typically be used for banking fraud, the enterprise security firm noted.

"It is likely a cluster of threat actors is using modified variants to pivot the malware away from typical banking trojan and banking fraud activity to focus on payload delivery, which likely includes prioritizing ransomware delivery," Proofpoint noted.

The use of existing Emotet infections to deliver the Lite variant has raised the possibility of a potential partnership between Emotet developers and IcedID operators.

"While historically IcedID's main function was a banking trojan, the removal of banking functionality aligns with the overall landscape shift away from banking malware and an increasing focus on being a loader for follow-on infections, including ransomware," the researchers said.

News URL

https://thehackernews.com/2023/03/icedid-malware-shifts-focus-from.html