Thousands of enterprise and personal machines running on Windows around the world may have been impacted by the updated IceXLoader malware loader, according to The Hacker News.
Whereas the previous version of IceXLoader, identified in June, appeared to be a "work in progress," the new version adds a multi-stage delivery chain, a report from Minerva Labs showed.
IceXLoader version 3.3.3, still written in the Nim programming language, is delivered in a ZIP file whose dropper deploys a .NET-based downloader. That downloader fetches a PNG file that is decrypted and injected into a process via process hollowing, which is how IceXLoader itself is loaded.
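As an added example (not code from the page, from Minerva Labs, or from The Hacker News), the following Python script applies a simple heuristic for the process-hollowing step over Sysmon-style telemetry: a ProcessCreate event (ID 1) followed within a few seconds by a ProcessAccess event (ID 10) in which the parent opens the new child with PROCESS_VM_OPERATION and PROCESS_VM_WRITE. The events are constructed for this example, and the time window and access-mask check are assumptions to tune, not Minerva's detection logic.

```python
"""Heuristic detection of process hollowing from Sysmon-style events.

Added example; not from the original page, Minerva Labs, or The Hacker News.
Process hollowing typically starts a benign host process suspended, writes a
payload into it (WriteProcessMemory), adjusts the thread context and resumes it.
Sysmon does not log those API calls directly, but Event ID 1 (ProcessCreate)
followed quickly by Event ID 10 (ProcessAccess) from the parent to the child
with an access mask containing PROCESS_VM_OPERATION (0x8) and PROCESS_VM_WRITE
(0x20) is a reasonable indicator. Field names follow Sysmon's schema; the
sample events below are constructed, not real telemetry.
"""
from datetime import datetime

PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
HOLLOWING_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
WINDOW_SECONDS = 5.0  # assumption: hollowing happens right after the spawn

# Constructed sample events (not real telemetry). Event 1 = ProcessCreate,
# Event 10 = ProcessAccess. Parent/Source PIDs tie the events together.
EVENTS = [
    {"EventID": 1, "UtcTime": "2022-11-10 12:00:00.000", "ProcessId": 4120,
     "ParentProcessId": 3008, "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Users\\user\\AppData\\Local\\Temp\\dropper.exe"},
    {"EventID": 10, "UtcTime": "2022-11-10 12:00:00.350", "SourceProcessId": 3008,
     "TargetProcessId": 4120, "GrantedAccess": "0x1FFFFF"},  # PROCESS_ALL_ACCESS
    # Benign: parent opens child with PROCESS_QUERY_INFORMATION only (0x1000)
    {"EventID": 1, "UtcTime": "2022-11-10 12:01:00.000", "ProcessId": 5000,
     "ParentProcessId": 3100, "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 10, "UtcTime": "2022-11-10 12:01:00.100", "SourceProcessId": 3100,
     "TargetProcessId": 5000, "GrantedAccess": "0x1000"},
    # Write access, but minutes after creation: outside the window, not flagged
    {"EventID": 10, "UtcTime": "2022-11-10 12:05:00.000", "SourceProcessId": 3100,
     "TargetProcessId": 5000, "GrantedAccess": "0x28"},
]


def _ts(value):
    """Parse Sysmon's UtcTime format into a datetime."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")


def find_hollowing_candidates(events, window_seconds=WINDOW_SECONDS):
    """Return (parent_image, child_image, child_pid, granted_access) tuples
    for parent->child ProcessAccess with VM_OPERATION|VM_WRITE granted within
    window_seconds of the child's creation."""
    creations = {}  # child PID -> its ProcessCreate event (last one wins on PID reuse)
    hits = []
    for ev in sorted(events, key=lambda e: _ts(e["UtcTime"])):
        if ev["EventID"] == 1:
            creations[ev["ProcessId"]] = ev
        elif ev["EventID"] == 10:
            created = creations.get(ev["TargetProcessId"])
            # Only the parent-opens-its-own-child pattern is in scope here
            if created is None or created["ParentProcessId"] != ev["SourceProcessId"]:
                continue
            access = int(ev["GrantedAccess"], 16)
            if (access & HOLLOWING_MASK) != HOLLOWING_MASK:
                continue
            age = (_ts(ev["UtcTime"]) - _ts(created["UtcTime"])).total_seconds()
            if age > window_seconds:
                continue
            hits.append((created["ParentImage"], created["Image"],
                         ev["TargetProcessId"], ev["GrantedAccess"]))
    return hits


if __name__ == "__main__":
    for hit in find_hollowing_candidates(EVENTS):
        print("possible process hollowing:", hit)
```

On a real fleet this pattern also matches legitimate software that writes into its own children (browsers, debuggers, some installers), so an allow-list of known parent images, or a second signal such as the child's on-disk image not matching what is mapped in memory, is needed before alerting on it.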
The new IceXLoader then collects system metadata and exfiltrates it to an attacker-controlled domain. Although it can receive commands to restart the device or uninstall the loader, its main function is downloading and executing next-stage malware, according to Minerva Labs, which also found thousands of victims already listed in the command-and-control server's SQLite database file.
SiliconAngle reports that Torq, citing mounting security alert fatigue, has introduced HyperSOC, a system built on its Hyperautomation Platform that uses artificial intelligence to automate, manage, and monitor security operations center response, with the goal of speeding the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.