Watch Out for the Malspam Attack That Spreads the IcedID Info Stealer

Security researchers spotted a new malware campaign in the wild in early 2021. The new push conducted by the bad actors behind it uses a fake chain email to disguise a big phishing e-mail spam campaign.

To lend credibility to their efforts, the actors behind this new attack use real, genuine e-mail messages, lifted from the inboxes of victims who had already been hacked and compromised. Researchers believe the organization behind this new campaign is the group named TA551, sometimes referred to as Shathak - a threat actor operating out of an undetermined location.

Malware within fake but believable spam mail

The malware-propagating spam campaign uses e-mails that have attachments in the form of Microsoft Word files. The setup is predictable - the malicious Word file attachments ask the user to allow macros and if macro execution permissions are granted, the infection chain is started. The malicious macros download the IcedID infostealer and installs it on the victim's system.

To make the malicious e-mails as convincing as possible, the bad actors use e-mails from previously compromised clients and attach the Word document in a password-protected archive. The archive is named after the organization or company whose e-mail is being spoofed and there is a brief additional instruction to use the supplied password to open the archive.

In the past, TA551 have primarily targeted English-speaking demographics, but their attacks have expanded to target countries and populations speaking Italian, German and Japanese as well. The infection vector has changed as well.

While previously TA551 used the Valak malware as the downloader for IcedID, they have moved to using malicious macros in Microsoft Office files, as is the case with this most recent campaign.

Researchers expect TA551 to keep improving their methods and come up with new ways to spread the infostealer and make further advancements in their ongoing effort to avoid detection.

By Zaib
January 11, 2021
Computer Security
English
January 11, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News, Ransomware

Tech Company Garmin Pays Millions After Ransomware Attack

Garmin, a brand associated with a lot of different GPS systems and sports equipment, reportedly paid millions of dollars of ransom after hackers infected its systems with ransomware in late July 2020. According to... Read more

September 4, 2020
Malware

What Is a DDoS Attack and How to Avoid It

Directed denial of Service, or simply "DDoS" attacks, are designed to take down a platform or web page and interrupt the service it provides. This temporary loss of service is caused by overloading a single website... Read more

September 3, 2019
Computer Security

Experts Reveal Hackers Attack Computers Every 39 Seconds

Digital security experts working with NGRAVE recently announced that according to their estimations bad actors carry out some form of automated attack every 39 seconds. This means that scripted attacks take place... Read more

September 23, 2020
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.