"Phishing Infects Thousands of Personal And Business Computers With IceXLoader Malware"
A new variant of the IceXLoader malware loader has infected thousands of home and business computers through an ongoing phishing campaign. IceXLoader was first observed in the wild in the summer of 2022; its authors have now released version 3.3.3, which adds a multi-stage delivery chain and expanded functionality. When Fortinet analyzed the Nim-based loader in June 2022 it was at version 3.0, lacked several core features, and appeared to still be under development, so the current release marks its move out of the beta phase. IceXLoader 3.3.3 copies itself into two folders named after the operators' nicknames and then collects and exfiltrates host information to its command-and-control (C2) server, including the IP address, username, machine name, Windows version, hardware details, and whether .NET Framework v2.0 and/or v4.0 is installed. The loader accepts C2 commands to stop execution, restart itself, change the C2 beaconing interval, and load and execute a .NET assembly, among others. This article continues to discuss the impact and capabilities of IceXLoader 3.3.3.