An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world.
IceXLoader is a commodity malware that’s sold for $118 on underground forums for a lifetime license. It’s chiefly employed to download and execute additional malware on breached hosts.
This past June, Fortinet FortiGuard Labs said it uncovered a version of the trojan written in the Nim programming language with the goal of evading analysis and detection.
“While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functionable and includes a multi-stage delivery chain,” Natalie Zargarov, cybersecurity researcher at Minerva Labs, said in a report published Tuesday.
IceXLoader is traditionally distributed through phishing campaigns, with emails containing ZIP archives functioning as a trigger to deploy the malware. Infection chains have leveraged IceXLoader to deliver DarkCrystal RAT and cryptocurrency miners.
