IcedID: A New Banking Trojan to Steal from Victims in US and UK


IcedID is not only equipped with data-stealing abilities, but it can also monitor the online activities of its victims.

IcedID is a new banking Trojan that was recently spotted operating in the wild. The Trojan is fairly new to the cybercrime arena, but security experts have warned that the malware’s capabilities are on par with those of Dridex, Zeus, and Gozi, all of which have previously caused widespread destruction as well as chaos in cyberspace.

It is believed that the hackers behind the new Trojan are orchestrating attacks against banks and payment card providers as well as mobile service providers in the US. It has also been found that the malware was targeting two UK banks.

Experts believe that the banking malware was created and is operated by either a very experienced hacker or a small cybercrime gang. This was announced by researchers at IBM X-Force, the organization that also uncovered the banking malware.

In a statement on their blog, IBM researchers said that following an analysis of the delivery method of IcedID, X-Force was able to establish that those behind the malware were not new to the cybercrime arena. One notable aspect of the malware’s behavior is that it infects users via the Emotet Trojan.

The malware may not borrow code from other virus strains, but researchers have said that it is still packed with various features, including the ability to perform advanced browser manipulation tactics. These are traits employed by other similarly sophisticated banking Trojans.

X-Force researchers have said that the hackers behind IcedID make use of Emotet, a well-known malware distribution tool. Emotet was originally the banking Trojan that preceded Dridex, and it is designed to amass and maintain botnets. Researchers from X-Force have explained that Emotet persists on an infected machine.

It is then able to fetch additional components, including spamming modules, network worm modules, and password and data stealers for Microsoft Outlook email and browser activity. Experts have warned that the invasive malware can also steal data through both redirection and web injection attacks, showing similar traits to TrickBot and Dridex.

In addition, IcedID can spread over networks to infect terminal servers. Researchers also believe that the malware may soon start targeting businesses. Taking into consideration that IcedID is still new to the cybercrime network, many are still uncertain about just how successful the malware may be in the near future.

X-Force researchers, however, do believe that those behind the latest malware may release an update soon to make it more potent.