IceXLoader upgraded malware loader crashes Windows

A malware loader that was described in June as a “work in progress” is now fully functional and is infecting thousands of corporate and home Windows computers.

IceXLoader version 3 was discovered over the summer by Fortinet's FortiGuard Labs, which wrote that the malware's capabilities were still lacking and that it appeared to have been ported to the Nim programming language.


However, researchers from Minerva Labs said on Tuesday that they had found a newer version of IceXLoader – 3.3.3 – that works properly.

According to the researchers, IceXLoader collects metadata from the infected system – such as the IP address, username and machine name, the Windows version, and CPU, GPU and memory information – and sends it to a command and control (C2) server.

The C2 server hosts a SQLite database of the malware's victims, and it is constantly being updated. According to the researchers, it "contains thousands of victim files, from private home and corporate computers."

The price of IceXLoader on the dark web was $118 for a lifetime license, but at the moment we don't know how much the new version costs.

The malware initially enters systems through phishing. The emails carry a ZIP file containing a dropper, which drops a downloader written in .NET. That downloader fetches another dropper, which decrypts and injects IceXLoader.

IceXLoader communicates directly with the C2 server to receive further commands and additional malware. According to FortiGuard, IceXLoader version 1.0 was used to distribute DCRat (Dark Crystal RAT, a remote access trojan), while version 3.0 distributed a Monero miner.

IceXLoader has a number of features designed to evade detection by Microsoft Defender.

Additionally, the malware is written in Nim, a newer programming language that compiles to C, C++ and JavaScript. Nim has been adopted in recent years by malware developers trying to make their malicious code harder to detect.
This is part of a larger trend in which malware developers are turning to newer languages like Go, DLang, Nim and Rust to avoid easy detection.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
