
IcedID

Posted: April 5, 2019

The IcedID banking Trojan uses a modular design similar to the one seen in the Zeus banking malware, one of the most infamous cyber-threats to focus on financial institutions and payment processing companies. Most of IcedID’s victims seem to be situated in the U.S., but there are also some cases in which systems situated in the United Kingdom were targeted as well. Cybersecurity experts analyzing IcedID’s code report that its authors did not reuse code found in other banking Trojans, which suggests that this is an elaborate project that took months to create.

The delivery method used to spread the IcedID Trojan hints that its operators are not new faces to the hacking scene: they rely on the Emotet Trojan, which has previously been linked to the propagation of other malware and banking Trojans. In the past, famous cases such as Dridex and QakBot have been linked to the use of the Emotet Trojan.

Once IcedID is deployed to the vulnerable system, it may utilize either basic redirection attacks or the more advanced Web injection attacks, which may prevent users from noticing anything out of the ordinary. The deployed version of IcedID is fed a configuration file from the attacker’s Command & Control server; this file contains a list of Web addresses it must keep an eye out for. As you can probably tell, these addresses are linked to online banking services, and IcedID will trigger its attack as soon as it spots a match. Instead of using a basic redirect to a fake phishing page with a different URL, IcedID manages to preserve the original URL in the address bar, and even displays the bank’s SSL certificate. This makes it incredibly difficult to notice anything out of the ordinary, even if you are familiar with attacks of this sort.

The fake page shown to IcedID’s victims is used to harvest their login credentials, and it also provides the attackers with a tool they can use to carry out social engineering tricks that aim to control the user’s actions.
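Because the injection happens inside the browser after the TLS connection is established, the URL and certificate remain genuine; what changes is the page’s own markup. The following added example (not code from the original page or from any IcedID analysis; all function names are hypothetical) shows the kind of check a site operator or analyst can run: it parses the form fields of a served login page and flags any input that is absent from a known-good template, using constructed sample HTML.

```python
"""Detect web-inject style form tampering by comparing a served login
page's form fields against a known-good template (added example)."""
from html.parser import HTMLParser


class FormFieldCollector(HTMLParser):
    """Collects (form_action, input_name) pairs from an HTML document."""

    def __init__(self):
        super().__init__()
        self.current_action = None
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current_action = a.get("action", "")
        elif tag in ("input", "select", "textarea") and self.current_action is not None:
            name = a.get("name")
            if name and (a.get("type") or "").lower() != "submit":
                self.fields.add((self.current_action, name))

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = None


def collect_fields(html):
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def find_injected_fields(reference_html, served_html):
    """Return fields present in the served page but absent from the known-good
    reference. A non-empty result means the page was altered between the server
    and the user even though the address bar and certificate look correct."""
    return collect_fields(served_html) - collect_fields(reference_html)


# Constructed sample pages (not real bank markup).
REFERENCE_LOGIN = """<form action="/login" method="post">
<input name="username"><input name="password" type="password">
<input type="submit" value="Sign in"></form>"""

INJECTED_LOGIN = """<form action="/login" method="post">
<input name="username"><input name="password" type="password">
<input name="card_pin" type="password"><input name="mothers_maiden_name">
<input type="submit" value="Sign in"></form>"""

if __name__ == "__main__":
    for action, name in sorted(find_injected_fields(REFERENCE_LOGIN, INJECTED_LOGIN)):
        print(f"unexpected field '{name}' posted to {action}")
```

This catches extra credential-harvesting fields and forms whose action was rewritten; it does not catch injected scripts that read existing fields, so it complements rather than replaces endpoint protection.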

Unsurprisingly, IcedID creates new Registry keys to acquire persistence, ensuring that it will continue to operate after the infected system is rebooted. Protecting yourself from IcedID requires a reputable anti-malware software suite that will keep you safe from harmful connections and files. Furthermore, it is recommended to avoid browsing dodgy websites or downloading file attachments whose source is not credible.
