The malware has boosted its anti-detection capabilities in a new email campaign.
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity.
Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the United States spreading the malware. The messages use the COVID-19 pandemic and the Family and Medical Leave Act (FMLA) as their theme, including using related keywords in email sender names and attachment names.
The attachments are boobytrapped with malicious macros that, if opened, execute the IcedID banking trojan, which has been around since 2017. IcedID specializes in mounting man-in-the-browser attacks to intercept and steal financial information from victims. In the latest campaign, it harvests credentials and payment-card data from Amazon.com, American Express, AT&T, Bank of America, Capital One, Chase, Discover, eBay, E-Trade, J.P. Morgan, Charles Schwab, T-Mobile, USAA, Verizon Wireless, Wells Fargo and others.
This latest variant changes up its infection tactics by injecting into msiexec.exe to insert itself into browser traffic, and using full steganography for downloading its modules and configurations, researchers said.
“Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as .DAT files,” according to a Thursday posting.The malware has boosted its anti-detection capabilities in a new email campaign.
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity.
Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the United States spreading the malware. The messages use the COVID-19 pandemic and the Family and Medical Leave Act (FMLA) as their theme, including using related keywords in email sender names and attachment names.
The attachments are boobytrapped with malicious macros that, if opened, execute the IcedID banking trojan, which has been around since 2017. IcedID specializes in mounting man-in-the-browser attacks to intercept and steal financial information from victims. In the latest campaign, it harvests credentials and payment-card data from Amazon.com, American Express, AT&T, Bank of America, Capital One, Chase, Discover, eBay, E-Trade, J.P. Morgan, Charles Schwab, T-Mobile, USAA, Verizon Wireless, Wells Fargo and others.
This latest variant changes up its infection tactics by injecting into msiexec.exe to insert itself into browser traffic, and using full steganography for downloading its modules and configurations, researchers said.
“Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as .DAT files,” according to a Thursday posting.The malware has boosted its anti-detection capabilities in a new email campaign.
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity.
Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the United States spreading the malware. The messages use the COVID-19 pandemic and the Family and Medical Leave Act (FMLA) as their theme, including using related keywords in email sender names and attachment names.
The attachments are boobytrapped with malicious macros that, if opened, execute the IcedID banking trojan, which has been around since 2017. IcedID specializes in mounting man-in-the-browser attacks to intercept and steal financial information from victims. In the latest campaign, it harvests credentials and payment-card data from Amazon.com, American Express, AT&T, Bank of America, Capital One, Chase, Discover, eBay, E-Trade, J.P. Morgan, Charles Schwab, T-Mobile, USAA, Verizon Wireless, Wells Fargo and others.
This latest variant changes up its infection tactics by injecting into msiexec.exe to insert itself into browser traffic, and using full steganography for downloading its modules and configurations, researchers said.
“Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as .DAT files,” according to a Thursday posting.The malware has boosted its anti-detection capabilities in a new email campaign.
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity.
Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the United States spreading the malware. The messages use the COVID-19 pandemic and the Family and Medical Leave Act (FMLA) as their theme, including using related keywords in email sender names and attachment names.
The attachments are boobytrapped with malicious macros that, if opened, execute the IcedID banking trojan, which has been around since 2017. IcedID specializes in mounting man-in-the-browser attacks to intercept and steal financial information from victims. In the latest campaign, it harvests credentials and payment-card data from Amazon.com, American Express, AT&T, Bank of America, Capital One, Chase, Discover, eBay, E-Trade, J.P. Morgan, Charles Schwab, T-Mobile, USAA, Verizon Wireless, Wells Fargo and others.
This latest variant changes up its infection tactics by injecting into msiexec.exe to insert itself into browser traffic, and using full steganography for downloading its modules and configurations, researchers said.
“Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as .DAT files,” according to a Thursday posting.
#malware #web security #covid-19 #security
