New Banking Trojan IcedID Discovered by IBM X-Force Research

This blog post was written in collaboration with X-Force researchers Maor Wiesen, Tal Darsan and Tomer Agayev.

---

IBM X-Force research follows developments in the financial cybercrime arena to map the events and trends that shape the threat landscape for organizations and consumers alike. After a year that has been very active in terms of banking malware, point-of-sale (POS) malware and rampant ransomware attacks, the X-Force team identified a new banking Trojan, dubbed IcedID, that is active in the wild.

IcedID Emerges


According to X-Force research, the new banking Trojan emerged in the wild in September 2017, when its first test campaigns were launched. Our researchers noted that IcedID has modular malicious code with modern banking Trojan capabilities comparable to malware such as the Zeus Trojan.

At this time, the malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S. Two major banks in the U.K. are also on the target list the malware fetches.

IcedID does not seem to have borrowed code from other Trojans, but it implements comparable features that allow it to perform advanced browser manipulation tactics. Although IcedID’s capabilities are already up to par with those of other banking Trojans such as Zeus, Gozi and Dridex, our researchers believe it will see further updates in the coming weeks.

Served by Emotet…


Continue reading this blog post here.
