Windows devices targeted by updated IceXLoader
Thousands of enterprise and personal Windows machines around the world may have been compromised by an updated version of the IceXLoader malware loader, according to The Hacker News.
Unlike the previous version of IceXLoader identified in June, which appeared to be a "work-in-progress," the new version adds a multi-stage delivery chain, according to a report from Minerva Labs.
IceXLoader version 3.3.3 is still written in Nim, but it now arrives in a ZIP file containing a dropper that deploys a .NET-based downloader. That downloader fetches a PNG file which, once decrypted, injects IceXLoader into a process via process hollowing.
The new IceXLoader then collects system metadata and exfiltrates it to an attacker-controlled domain. Although it can receive commands to restart the device and to uninstall itself, its main function is downloading and executing next-stage malware, according to Minerva Labs, which also found thousands of victims already listed in the SQLite database file on the command-and-control server.
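The article says the .NET downloader fetches a PNG file that is decrypted before IceXLoader is injected, but it does not say whether that file is a genuine image with a payload appended or a blob that merely carries a .png name. The script below is an added triage example (not code from Minerva Labs or from this article) for either case: it validates the PNG signature, chunk layout and per-chunk CRCs, reports any bytes that follow the IEND chunk, and measures their Shannon entropy, since an encrypted payload tacked onto an image is close to 8 bits per byte. The sample files are constructed inline; a real sample would be read from disk.

```python
"""Triage a file that claims to be a PNG: verify its structure and flag
a missing signature, bad CRCs, or high-entropy data appended after IEND."""
import math
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def build_chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG, used only as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # w, h, depth, type, ...
    idat = zlib.compress(b"\x00\x00")  # filter byte 0 + one pixel
    return (PNG_SIG + build_chunk(b"IHDR", ihdr)
            + build_chunk(b"IDAT", idat) + build_chunk(b"IEND", b""))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_png(blob: bytes) -> dict:
    """Walk the chunk list and collect findings a responder would care about."""
    findings, chunks = [], []
    if not blob.startswith(PNG_SIG):
        # A payload that only borrows the .png extension fails here.
        return {"chunks": chunks, "trailing_bytes": len(blob),
                "trailing_entropy": shannon_entropy(blob),
                "findings": ["missing PNG signature"], "suspicious": True}
    pos, saw_iend = len(PNG_SIG), False
    while pos + 8 <= len(blob) and not saw_iend:
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        if pos + 12 + length > len(blob):
            findings.append(f"truncated chunk {ctype!r}")
            break
        data = blob[pos + 8:pos + 8 + length]
        stored = struct.unpack(">I", blob[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != stored:
            findings.append(f"bad CRC on {ctype!r}")
        chunks.append(ctype)
        pos += 12 + length
        saw_iend = ctype == b"IEND"
    if not saw_iend:
        findings.append("no IEND chunk")
    trailing = blob[pos:]
    ent = shannon_entropy(trailing)
    if trailing:
        findings.append(f"{len(trailing)} bytes after IEND (entropy {ent:.2f})")
    return {"chunks": chunks, "trailing_bytes": len(trailing),
            "trailing_entropy": ent, "findings": findings,
            "suspicious": bool(findings)}


if __name__ == "__main__":
    clean = minimal_png()
    # Constructed "encrypted" payload: every byte value four times over.
    carrier = clean + bytes(range(256)) * 4
    fake = b"MZ" + bytes(range(64))  # not a PNG at all, despite the name
    for name, sample in (("clean.png", clean), ("carrier.png", carrier),
                         ("fake.png", fake)):
        print(name, triage_png(sample)["findings"])
```

Entropy alone is a weak signal (compressed image data is also high-entropy), which is why the check keys on position: bytes after IEND have no business being in a PNG at all, and their entropy only tells you whether they look packed or encrypted.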