IcedID malware, also known as BokBot, had its attack infrastructure enhanced with updates to its BackConnect module for post-compromise activities, The Hacker News reports.
Thirty-four IcedID BC command-and-control servers have been identified since January, compared with the 11 BC C2s discovered from July to December 2022, prompting average server uptimes to decline from 28 days to eight days, according to a report from Team Cymru.
Aside from the growing number of concurrent C2 servers in operation, various victims may have also been accessed by the same IcedID affiliate or operation during the same period.
"The evidence in our NetFlow data suggests that certain IcedID victims are used as proxies in spamming operations, enabled by BC's SOCKS capabilities. This is a potential double blow for victims, not only are they compromised and incurring data / financial loss, but they are also further exploited for the purposes of spreading further IcedID campaigns," said Team Cymru.
