Hackers behind IcedID malware attacks diversify delivery tactics

The threat actors behind IcedID malware phishing operations are presumably experimenting with different distribution tactics to see what works best against certain targets. Team Cymru researchers saw numerous campaigns in September 2022, all of which followed slightly distinct infection patterns, which they feel will aid in evaluating success. IcedID began in 2017 as a modular banking trojan, but has subsequently grown into a malware dropper often used to obtain early access to corporate networks. IcedID excels in evading detection and establishing host persistence. Finally, the virus configures a proxy to interact with its C2 over HTTPS and downloads more payloads as instructed by its administrators. Read More…