What is IcedID? Hackers using new banking Trojan to spy and steal from targets in US and UK
Security experts suspect that a small but experienced cybercrime gang may be running IcedID malware.
A new banking Trojan dubbed IcedID has recently been spotted operating in the wild. Although IcedID is a newcomer to the cybercrime arena, security experts say its capabilities are on par with Dridex, Zeus and Gozi, three widely distributed banking malware families that have already caused extensive financial damage.
The hackers operating the malware are going after banks, payment card providers, mobile service providers and others in the US, and it has also been found targeting two UK banks. Beyond stealing data, IcedID can monitor a victim's browsing activity.
According to the security researchers at IBM X-Force who uncovered the banking malware, IcedID is probably being run either by an experienced individual or by a small cybercrime gang.
"X-Force's analysis of IcedID's delivery method suggests that its operators are not new to the cybercrime arena, opting to infect users via the Emotet Trojan," IBM researchers said in a blog. Although the malware does not borrow code from other malware strains, researchers say that it still comes packed with features that "allow it to perform advanced browser manipulation tactics" employed by other sophisticated banking Trojans.
The X-Force researchers say that the hackers operating IcedID are using Emotet – a well-known malware distribution tool. "It was originally a banking Trojan that preceded Dridex. As such, it is designed to amass and maintain botnets. Emotet persists on the machine and then fetches additional components such as a spamming module, a network worm module, and password and data stealers for Microsoft Outlook email and browser activity," X-Force researchers explained.
IcedID steals data through both redirection attacks (sending the victim to an attacker-controlled copy of the bank's site) and web injection attacks (altering the genuine page inside the victim's browser), much like TrickBot and Dridex. It can also propagate across a network and infect terminal servers, and researchers believe it may soon begin targeting businesses.
Because IcedID is so new, it is too early to say how successful it will be. X-Force researchers do expect its operators to keep updating it, making it more potent over time.
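To make the web injection technique mentioned above concrete, here is an added example that is not code from the article, from IBM X-Force or from the malware itself. It parses a webinject rule in the Zeus-style `set_url` / `data_before` / `data_inject` / `data_after` format that Dridex-family Trojans popularised (the article does not say which format IcedID uses; that is an assumption here), applies it to a constructed bank login page the way a browser-hooking Trojan would, and then runs the kind of DOM-integrity check a bank's own page script can use to spot fields it never served. The config, the HTML and the `bank.example` hostname are all constructed for the example.

```python
import fnmatch
import re
from dataclasses import dataclass

# Constructed sample webinject rule in the Zeus-style format (assumed, not taken from the article).
# Semantics: on URLs matching the mask, find data_before, and replace everything between it and
# data_after with data_inject; with an empty data_after the payload is inserted right after data_before.
INJECT_CONFIG = """
set_url https://bank.example/login* GP
data_before
<input type="password" name="password">
data_end
data_inject
<label>PIN</label><input type="text" name="pin">
data_end
data_after
data_end
"""

# Constructed login page as the bank's server sends it.
LOGIN_HTML = """<form action="/login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<button>Sign in</button>
</form>"""


@dataclass
class Inject:
    url_mask: str   # glob pattern the page URL must match
    flags: str      # e.g. "GP" (apply to GET and POST); kept but not interpreted here
    before: str
    inject: str
    after: str


def parse_inject_config(text):
    """Parse set_url blocks into Inject records."""
    injects = []
    current = None
    section = None
    buf = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("set_url "):
            if current is not None:
                injects.append(current)
            parts = stripped.split()
            current = Inject(parts[1], parts[2] if len(parts) > 2 else "", "", "", "")
        elif stripped in ("data_before", "data_inject", "data_after"):
            section = stripped[len("data_"):]   # "before", "inject" or "after"
            buf = []
        elif stripped == "data_end":
            setattr(current, section, "\n".join(buf).strip())
            section = None
        elif section is not None:
            buf.append(line)
    if current is not None:
        injects.append(current)
    return injects


def apply_injects(url, html, injects):
    """Rewrite the page in the browser, as the Trojan's hook would, for matching URLs."""
    for inj in injects:
        if not fnmatch.fnmatchcase(url, inj.url_mask):
            continue
        start = html.find(inj.before)
        if start < 0:
            continue
        start += len(inj.before)
        end = start
        if inj.after:
            end = html.find(inj.after, start)
            if end < 0:
                continue
        html = html[:start] + inj.inject + html[end:]
    return html


def unexpected_fields(html, expected_names):
    """Defensive check: input names present in the rendered page that the bank never served."""
    names = set(re.findall(r'<input[^>]*\bname="([^"]+)"', html))
    return sorted(names - set(expected_names))


if __name__ == "__main__":
    rules = parse_inject_config(INJECT_CONFIG)
    tampered = apply_injects("https://bank.example/login?x=1", LOGIN_HTML, rules)
    print(tampered)
    print("unexpected fields:", unexpected_fields(tampered, ["username", "password"]))
```

The point of the last function is that the server's copy of the page and the copy the victim sees differ only inside the browser, which is why network-side controls such as TLS do not help and banks rely on client-side integrity checks and server-side comparison of submitted field names against what the form actually contained.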