"New Malware 'Latrodectus' Linked to IcedID"

Researchers have identified a new loader called "Latrodectus," linked to about a dozen campaigns since February 2024. The malware, which was mainly used by Initial Access Brokers (IABs), serves as a downloader to retrieve payloads and run arbitrary commands. Latrodectus was initially thought to be a variant of "IcedID," but a follow-up analysis confirmed that it is a different malware, most likely developed by the same creators as IcedID. Latrodectus was first discovered in operations linked to TA577, a known Qbot distributor. It became associated with TA578 in email-based threat campaigns beginning in mid-January 2024. The prevalence of this malware increased in campaigns throughout February and March. This article continues to discuss findings surrounding the new Latrodectus loader.

Infosecurity Magazine reports "New Malware 'Latrodectus' Linked to IcedID"

Submitted by grigby1
