Select Page

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world.

IceXLoader is a commodity malware that’s sold for $118 on underground forums for a lifetime license. It’s chiefly employed to download and execute additional malware on breached hosts.

This past June, Fortinet FortiGuard Labs said it uncovered a version of the trojan written in the Nim programming language with the goal of evading analysis and detection.

“While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functionable and includes a multi-stage delivery chain,” Natalie Zargarov, cybersecurity researcher at Minerva Labs, said in a report published Tuesday.

IceXLoader is traditionally distributed through phishing campaigns, with emails containing ZIP archives functioning as a trigger to deploy the malware. Infection chains have leveraged IceXLoader to deliver DarkCrystal RAT and cryptocurrency miners.

images from Hacker News