IceXLoader Malware

IceXLoader is the name of a new piece of malware spotted in the wild in recent weeks.

As the name suggests, IceXLoader is a loader: an intermediary type of malware used to deliver and load other components in an attack chain. Loaders are often extremely versatile and can be used to deploy a number of very different final payloads in an attack.

IceXLoader performs a number of scanning and enumeration tasks once it is deployed on a target system. The malware collects information about the system, including its hardware components such as the CPU and GPU, the logged-in user's name, and the presence of any installed anti-malware tools, among other details.

If the advertising posted on hacker forums is to be believed, IceXLoader is capable of slipping past a number of anti-virus tools. However, given how many security products actually detect and flag the tool as malicious, this advertising seems hyperbolic.

Given that IceXLoader scans for the system's GPU model, the loader will likely be used to spread cryptomining malware, as this type of malicious program makes use of more powerful graphics cards to mine cryptocurrency for the benefit of the malware's operator.

June 24, 2022