IcedID is a banking trojan that was first discovered in the wild in September 2017. In October 2022, it was the fourth most common malware variant, partially driven by the return of Emotet, which often delivers the malware. As a banking trojan, IcedID specializes in collecting login credentials for user accounts with financial institutions. IcedID is also capable of dropping malware.
While IcedID is commonly distributed by Emotet, a botnet malware, it is not the only delivery vector for IcedID. The banking trojan also distributes itself via malspam campaigns and can move through a network to infect other hosts after gaining a foothold on an infected system. The IcedID malware is also known for using various techniques to conceal its presence on a system. For example, the malware uses process injection to hide itself on the system and steganography to conceal sensitive data.
As the IcedID malware is a banking trojan, its primary purpose is to steal login credentials for users’ accounts at financial institutions. Once it has access to these credentials, the malware can use them to log into user accounts and steal money from the user. More recently, IcedID has also been used to drop additional malware.
IcedID uses web injection to trick users into handing over their credentials:
IcedID is a sophisticated banking trojan, and its use of evasion techniques makes it difficult to identify and remediate on infected systems. However, organizations and individuals can take a variety of actions to protect themselves against IcedID infections.
Some best practices for dealing with malware and banking trojans in general and IcedID in particular include the following:
While IcedID poses a significant threat to corporate and personal cybersecurity, it is far from the only cyber threat that companies face, and it was only the fourth most common malware variant in October 2022. Learn more about the current state of the cyber threat landscape in Check Point’s 2022 Cyber Security Report.
Check Point Harmony Endpoint provides comprehensive protection against IcedID and other banking trojans and malware. With access to threat intelligence from Check Point ThreatCloud, Harmony Endpoint has visibility into the latest attack campaigns and the ability to prevent attacks by emerging malware variants.
Harmony Endpoint enables organizations to deploy scalable, centrally-managed endpoint security to protect their systems and users. Learn more about how Harmony Endpoint can improve your organization’s endpoint security posture by signing up for a free demo today.