
Windows devices targeted by updated IceXLoader

Thousands of enterprise and personal Windows machines around the world may have been impacted by an updated version of the IceXLoader malware loader, according to The Hacker News. Whereas the previous version of IceXLoader, identified in June, appeared to be a "work-in-progress," the new version adds a multi-stage delivery chain, a report from Minerva Labs showed. IceXLoader version 3.3.3, still written in the Nim programming language, is being deployed through a ZIP file whose dropper deploys a .NET-based downloader. That downloader fetches a PNG file, which uses process hollowing to decrypt and inject IceXLoader. The new IceXLoader then collects all system metadata and exfiltrates it to an attacker-controlled domain. While IceXLoader can receive commands to restart the device and uninstall the loader, downloading and executing next-stage malware is its main function, according to Minerva Labs, which also found that thousands of victims were already listed in the command-and-control server's SQLite database file.
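As an added illustration (not code from the SC Media brief, The Hacker News, or the Minerva Labs report), the Python sketch below shows how a defender could flag the process-hollowing step the brief mentions in the IceXLoader chain. It scans a constructed API-call telemetry feed for the classic hollowing sequence (spawn suspended, unmap the original image, write a new image, repoint the thread, resume). The line format, the process IDs, and the event names are assumptions chosen for the example; real EDR or sandbox telemetry will differ in shape but carries the same signals.

```python
"""Heuristic detector for the process-hollowing sequence described in the brief.

Added example, not from SC Media or Minerva Labs. It assumes a constructed
API-call telemetry feed with one event per line of the form
    <timestamp> <caller_pid> <api> <target_pid>
which is a simplified stand-in for what an EDR or sandbox would log.
"""
from collections import defaultdict

# Ordered API calls that characterise classic process hollowing:
# spawn a suspended child, unmap its original image, write a new image,
# repoint the main thread's entry point, then resume the thread.
HOLLOWING_SEQUENCE = [
    "CreateProcess(SUSPENDED)",
    "NtUnmapViewOfSection",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
]

# Constructed sample telemetry with hypothetical PIDs. Process 4412 stands in
# for a downloader that hollows its freshly spawned child 5120; process 700 is
# a benign parent that launches a child normally and writes to it once.
SAMPLE_TELEMETRY = """\
10:00:01 4412 CreateProcess(SUSPENDED) 5120
10:00:01 700 CreateProcess 710
10:00:02 4412 NtUnmapViewOfSection 5120
10:00:02 4412 WriteProcessMemory 5120
10:00:02 4412 WriteProcessMemory 5120
10:00:03 4412 SetThreadContext 5120
10:00:03 4412 ResumeThread 5120
10:00:04 700 WriteProcessMemory 710
"""


def parse_events(text):
    """Parse telemetry lines into (timestamp, caller_pid, api, target_pid) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, caller, api, target = line.split()
        events.append((ts, int(caller), api, int(target)))
    return events


def find_hollowing(events):
    """Return (caller_pid, target_pid) pairs where the caller performed the full
    hollowing sequence, in order, against the target.

    Calls that are not the next expected step (repeated writes, unrelated APIs)
    are ignored, so interleaved activity does not break the match.
    """
    progress = defaultdict(int)  # (caller, target) -> steps matched so far
    hits = []
    for _, caller, api, target in events:
        key = (caller, target)
        step = progress[key]
        if step < len(HOLLOWING_SEQUENCE) and api == HOLLOWING_SEQUENCE[step]:
            progress[key] = step + 1
            if progress[key] == len(HOLLOWING_SEQUENCE):
                hits.append(key)
    return hits


if __name__ == "__main__":
    for caller, target in find_hollowing(parse_events(SAMPLE_TELEMETRY)):
        print(f"possible process hollowing: pid {caller} -> pid {target}")
```

The matcher is deliberately a strict ordered sequence per (caller, target) pair: the benign parent in the sample writes into its child but never spawned it suspended, so it is not flagged. In production this heuristic would sit alongside the other indicators the brief implies, such as a .NET process fetching a PNG that is then executed rather than displayed.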
