IcedID Banking Trojan Surges: The New Emotet?

[silversurfer]

The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers.
 
IcedID (a.k.a. BokBot), bears similarities to Emotet in that it’s a modular malware that started life as a banking trojan used to steal financial information. Increasingly though, it’s being used as a dropper for other malware, researchers noted – also just like Emotet.
 
The malware has been circulating at increasing rates, thanks to a spate of email campaigns using Microsoft Excel spreadsheet file attachments, according to Ashwin Vamshi and Abhijit Mohanta, researchers with Uptycs.
 
In fact, in the first three months of the year, Uptyc’s telemetry flagged more than 15,000 HTTP requests from more than 4,000 malicious documents, the majority of which (93 percent) were Microsoft Excel spreadsheets using the extensions .XLS or .XLSM.
 
If opened, targets would be asked to “enable content” to view the message. Enabling the content allows embedded Excel 4 macro formulas to execute.
 
“.XLSM supports the embedding of Excel 4.0 macro formulas used in Excel spreadsheet cells,” according to an analysis published on Wednesday. “Attackers leverage this functionality to embed arbitrary commands, which usually download a malicious payload from the URL using the formulas in the document.” The URLs generally belong to legitimate but compromised websites, they added.

Read more: IcedID Banking Trojan Surges: The New Emotet? | Threatpost