At a glance.
- IcedID is evolving away from its banking malware roots.
- Emotet phishing campaign spoofs IRS W9s.
- FBI warns of BEC scams.
- Fake booter service as a law enforcement honeypot.
- Phishing in China's nuclear energy sector.
- OpenAI and a ChatGPT data leak.
- Report: Iran receives Russian support in cyberattacks against Albania?
- De-anonymizing Telegram?
IcedID is evolving away from its banking malware roots.
Proofpoint this morning released a report describing three strains of the IcedID banking malware, in use by several distinct threat actors:
- "Standard IcedID Variant – The variant most commonly observed in the threat landscape and used by a variety of threat actors."
- "Lite IcedID Variant – New variant observed as a follow-on payload in November Emotet infections that does not exfiltrate host data in the loader checkin and a bot with minimal functionality."
- "Forked IcedID Variant – New variant observed by Proofpoint researchers in February 2023 used by a small number of threat actors which also delivers the bot with minimal functionality."
The classic, Standard IcedID variant is the one most clearly adapted to traditional banking attacks. In the Lite and Forked variants, the components typically found in banking malware have been removed, which suggests to the researchers that IcedID is evolving away from its traditional uses and is becoming a loader for follow-on infections. Such follow-on attacks are likely to include ransomware.