
IcedID is fast becoming a leading player in the cybercrime landscape

A spike in attacks using the malware (aka BokBot) has been seen in recent days, delivered via real stolen email conversations. Italy is in the crosshairs.

IcedID (aka BokBot) is fast becoming a leading player in the global cybercrime landscape. Since March 22, as evidenced by MalwareBazaar, there has been a surge in detections of campaigns that use it.

The delivery vector is phishing and spear-phishing email that reuses real stolen mail conversations. The messages carry attachments compressed in zip format; some are password protected, some are not. Inside them are Office files (xlsm or doc have been detected so far), which contact one or more URLs (different in each message) to download the DLL and start the malware infection chain. IcedID, a banking Trojan with multiple capabilities, targeted financial institutions and banks in the United States, Canada and the United Kingdom when it was discovered in 2017. Now the attacks seem to have moved to Europe, and Italy appears to be one of the most affected countries.
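An added example, not part of the original article: mail-gateway triage for the attachment pattern described above, flagging ZIP attachments that carry xlsm or doc files and quarantining those that are encrypted or contain macros. The article does not say how the documents reach their URLs; the macro check (VBA project or Excel 4.0 macro sheet), the function names, the verdict labels and the sample file name are assumptions made for the illustration.

```python
import io
import zipfile

OFFICE_EXTS = (".xlsm", ".doc")  # lure types named in the article
ENCRYPTED = 0x1                  # ZIP general-purpose flag, bit 0

def has_macros(data: bytes) -> bool:
    """True if an OOXML file holds a VBA project or an Excel 4.0 macro sheet."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as ooxml:
            names = [n.lower() for n in ooxml.namelist()]
    except zipfile.BadZipFile:
        return False
    return any(n.endswith("vbaproject.bin") or n.startswith("xl/macrosheets/") for n in names)

def triage_attachment(blob: bytes) -> dict:
    """Classify a ZIP mail attachment without decrypting or opening documents."""
    report = {"encrypted": False, "office_files": [], "macro_files": [], "verdict": "pass"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return {**report, "verdict": "not-a-zip"}
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if not name.endswith(OFFICE_EXTS):
                continue
            report["office_files"].append(info.filename)
            if info.flag_bits & ENCRYPTED:
                report["encrypted"] = True  # name is visible, content is opaque to scanners
            elif name.endswith(".xlsm") and has_macros(archive.read(info)):
                report["macro_files"].append(info.filename)
    if report["encrypted"] or report["macro_files"]:
        report["verdict"] = "quarantine"
    elif report["office_files"]:
        report["verdict"] = "review"  # e.g. legacy .doc (OLE2), needs a separate macro parser
    return report

def constructed_sample(encrypt: bool = False) -> bytes:
    """Constructed, harmless test ZIP: an .xlsm holding an empty vbaProject.bin."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("xl/vbaProject.bin", b"")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("doc_0322.xlsm", inner.getvalue())
    data = bytearray(outer.getvalue())
    if encrypt:  # set the encryption bit in the outer central directory header only
        data[data.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED
    return bytes(data)
```

Because standard ZIP encryption leaves file names in the clear, the extension check still works on password-protected attachments even though the content cannot be inspected.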
