New signed campaign aims to trick victims’ antivirus, allowing the malware to be downloaded and installed via an attachment.
Technical analysis by the Malware Hunter JAMESWT
IcedID is back in Italy with the same stolen conversation as last week. The zip email attachment contains an xlsm file, which contacts a single link and downloads the DLL, starting the malware (aka BokBot) infection.
The Italian IcedID campaign, which uses real stolen email conversations, is back. Moreover, the message is the same one the cybercriminals sent last week.
The email's compressed attachment, in zip format, contains an xlsm file. If opened, this file contacts a single link to download the DLL that starts the malware infection.
IcedID (aka BokBot) is a modular banking trojan used to steal financial data as well as information and credentials from current accounts, e-commerce sites and providers.
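For mail-gateway triage of the delivery chain described above (a zip attachment carrying an xlsm workbook), the following added example, which is not part of the original analysis, opens an attachment in memory and reports any macro-enabled workbook inside it. The function names, the size limit and the sample attachment are assumptions constructed for illustration; the campaign's real files are not reproduced.

```python
import io
import zipfile

# Standard OOXML locations for macro content: VBA project and Excel 4.0 macro sheets.
MACRO_PARTS = ("xl/vbaproject.bin", "xl/macrosheets/")
MAX_WORKBOOK_BYTES = 20 * 1024 * 1024  # assumed cap to avoid unpacking oversized members

def triage_zip_attachment(data: bytes) -> list:
    """Return one finding per .xlsm workbook found inside a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".xlsm"):
                continue
            finding = {"workbook": info.filename, "macro_parts": [], "note": ""}
            findings.append(finding)
            if info.flag_bits & 0x1:  # encrypted member cannot be inspected here
                finding["note"] = "encrypted, needs manual review"
                continue
            if info.file_size > MAX_WORKBOOK_BYTES:
                finding["note"] = "too large to unpack"
                continue
            inner = io.BytesIO(outer.read(info))
            if not zipfile.is_zipfile(inner):
                finding["note"] = "not a valid OOXML container"
                continue
            with zipfile.ZipFile(inner) as workbook:  # an xlsm file is itself a zip
                finding["macro_parts"] = [
                    name for name in workbook.namelist()
                    if name.lower().startswith(MACRO_PARTS)
                ]
            finding["note"] = ("macro content present" if finding["macro_parts"]
                               else "no macro parts found")
    return findings

def build_sample() -> bytes:
    """Constructed sample: a zip holding a workbook with a placeholder macro part."""
    workbook = io.BytesIO()
    with zipfile.ZipFile(workbook, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"placeholder, not real macro code")
    attachment = io.BytesIO()
    with zipfile.ZipFile(attachment, "w") as z:
        z.writestr("document.xlsm", workbook.getvalue())
        z.writestr("readme.txt", "constructed sample")
    return attachment.getvalue()

if __name__ == "__main__":
    for finding in triage_zip_attachment(build_sample()):
        print(finding)
```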