“Aside from the more common Trojan features, IcedID can propagate over a network. It monitors the victim’s online activity by setting up a local proxy for traffic tunneling, which is a concept reminiscent of the GootKit Trojan. Its attack tactics include both web injection attacks and sophisticated redirection attacks similar to the scheme used by Dridex and TrickBot,” said IBM researchers.

In addition, IcedID possesses the ability to move to other endpoints, and researchers also observed it infecting terminal servers, X-Force reported.

The cybercriminals behind IcedID are leveraging Emotet to distribute the malware, an indicator that its operators are likely not new to the cybercrime arena, said IBM. “X-Force research believes that a threat actor or a small cybergang has been operating Emotet as a distribution operation for banking Trojans and other malware codes this year,” read the blog post.

IcedID’s capabilities are already as sophisticated as those of other banking Trojans, such as Zeus, Gozi and Dridex. However, researchers warn it will likely see further updates in the coming weeks.