A banking trojan called IcedID is hitting businesses throughout the US and Canada. In most cases observed so far, IcedID is bundled with another trojan, Emotet, and delivered via spam e-mail carrying infected Word documents.
What makes IcedID unusual is that it propagates through a business network. It sets up a command-and-control channel over SSL encryption. It installs a proxy server on the infected host and listens for online banking connections. The user's credentials are then intercepted and sent to the attacker.
Comments in the code suggest the malware was developed in the Russia/Ukraine/Eastern Europe region.
- Make sure all antivirus and malware detection systems are up to date.
- Be careful what you click on.