Windows Breaks under upgraded IceXLoader Malware

upnorth

A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs.

IceXLoader version 3 was discovered in the summer by Fortinet's FortiGuard Labs, which wrote that the malware's features were incomplete and it appeared to have been ported to the Nim programming language. However, researchers with Minerva Labs on Tuesday reported that they had detected a newer iteration of IceXLoader – version 3.3.3 – complete with a multi-stage delivery chain for nasty code. IceXLoader gathers metadata from the system – such as the IP address, username and machine name, Windows version, and information about the CPU, GPU, and memory – and sends it to a command-and-control (C2) server, according to the researchers.

They wrote that the malware's SQLite database file, which is hosted on the C2 server and is continuously being updated, "contained thousands of victim records," consisting of "a mix of private home PCs and corporate PCs. We started informing the affected companies after the discovery," the researchers said.

IceXLoader has a number of features designed to evade detection, including obfuscating the code, refusing to run inside Microsoft Defender's emulator, and executing PowerShell with an encrypted command that delays execution of the malware for 35 seconds to outlast sandbox analysis. In addition, the malware is written in Nim, a newer programming language that compiles to C, C++, and JavaScript. Nim has been adopted in recent years by threat groups to make their malicious code more difficult to detect. It has been used for such malware as NimzaLoader, the Nim variant of BazarLoader used by the notorious TrickBot threat group.