Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

IcedID malware campaign targets Zoom usersSecurity Affairs

admin by admin
January 7, 2023
in Cyber News


Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware.

Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware.

IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Experts at IBM X-Force that first analyzed it noticed that the threat does not borrow code from other banking malware, but the malicious code implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims.

The IcedID malware usually spreads malvertising campaigns using weaponized Office documents. However, in the campaign discovered by Cyble, threat actors used a phishing website, mimiking the legitimate Zoom website, to deliver the IcedID malware.

“The TAs behind this campaign used a highly convincing phishing page that looked like a legitimate Zoom website to trick users into downloading the IcedID malware, which carries out malicious activities.” reads the analysis published by Cyble.

The landing page on the website contained a download button. Upon clicking on the button, the site delivered a Zoom installer file from the URL: hxxps[:]//explorezoom[.]com/products/app/ZoomInstallerFull[.]exe. The analysis conducted by the experts revealed that the file was a version of the IcedID malware.

Upon executing the “ZoomInstallerFull.exe” executable, the malware drops the binaries ikm.msi, maker.dll binaries in the in the %temp% folder.

The “maker.dll” is a malicious libraries used to perform various malicious activities and load the IcedID malware, while “ikm.msi” is a legitimate installer of the Zoom application.

Once installed, the IcedID malware attempts to connect the C2. If the malware can successfully connect to the C2 server, it can drop an additional malicious payloads in the %programdata% directory.

“IcedID is a highly advanced, long-lasting malware that has affected users worldwide.” concludes the report. “The threat actor utilized a phishing site in this specific campaign to deliver the IcedID payload. Threat actors are constantly adapting their techniques to evade detection by cybersecurity measures.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malware)



Share On






Source link

Previous Post

Know the participating states in 2023 elections –

Next Post

French-speaking cybercriminals continue attacks on African banks

Next Post

French-speaking cybercriminals continue attacks on African banks

Recommended

Delaware federal judge to hear FTX case on Tuesday

3 months ago

Accenture Names Andrew J.P. Levy Chief Corporate and Government Affairs Officer

3 months ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.