Icarus Stealer Attempts to Dodge AV Protection

Icarus stealer is the name of a newly discovered malicious infostealer tool.

The new malware has the usual range of features and functionality you would expect from a fairly well-developed infostealer. Icarus can serve as a dropper for additional malicious files, and it can execute commands through the Windows command line and PowerShell.

Icarus has modules that help it dodge analysis, including an anti-virtualization module that terminates the malware's own process if it detects that it is running inside a virtual machine, and an anti-debugging module.

Icarus also attempts to scrape locally stored login credentials from installed browsers and can exfiltrate this information.

The malware can also interface with a number of applications, including email clients, messaging applications and Windows File Explorer, enabling it to manipulate files on the compromised device.

The combination of these features makes Icarus a dangerous tool. Cleaning a system infected with Icarus will require a dedicated anti-malware solution.

September 9, 2022