Compromised Exchange Servers Sending Emails to Infect Computers with IcedID Malware

IcedID Info-Stealing Malware Continues to Spread

Compromised Microsoft Exchange servers are sending out emails that appear to be replies within an existing email conversation, luring the unsuspecting recipient into opening an attached password-protected archive (.zip) file; the password is included in the message body, and opening the archive and its contents infects the user's computer. From that point IcedID contacts its command-and-control infrastructure and can be used in a number of ways to further exploit the infected machine. Because IcedID has been around for years, its infection patterns are well researched and documented.
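The lure described above combines three observable traits: a reply-chain subject ("RE:"/"FW:"), a password-protected archive attachment, and the archive's password stated in the message body. The following added example (not code from the original article or from any of the linked sources) shows how a mail gateway or SOC script could flag that combination. It builds a constructed sample email and a constructed minimal ZIP with the encryption flag set (the ZIP general-purpose bit 0x1, which zipfile exposes as flag_bits), so it runs offline; the regexes, thresholds and sample addresses are assumptions chosen for illustration.

```python
import email
import re
import struct
import zipfile
import zlib
from email import policy
from email.message import EmailMessage
from io import BytesIO

# Heuristics (assumptions for this example, tune for your environment).
PASSWORD_RE = re.compile(r"\bpassword\b\s*(?:is|:)\s*\S+", re.IGNORECASE)
REPLY_RE = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed", "application/octet-stream"}


def build_sample_zip(encrypted: bool) -> bytes:
    """Constructed one-entry ZIP (stored, no real payload). When encrypted=True the
    general-purpose flag bit 0 is set, which is how a password-protected entry is marked."""
    name = b"document.bin"
    data = b"constructed sample bytes, not a real file"
    crc = zlib.crc32(data) & 0xFFFFFFFF
    flags = 0x0001 if encrypted else 0x0000
    # Local file header (30 bytes) + name + data
    lfh = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                      crc, len(data), len(data), len(name), 0) + name + data
    # Central directory header (46 bytes) + name; local header offset is 0
    cdh = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0, 0,
                      crc, len(data), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    # End of central directory record
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(cdh), len(lfh), 0)
    return lfh + cdh + eocd


def build_sample_email(zip_bytes: bytes, password_in_body: bool) -> bytes:
    """Constructed message mimicking the lure shape: reply-chain subject plus archive."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"   # constructed sample address
    msg["To"] = "user@example.org"         # constructed sample address
    msg["Subject"] = "RE: RE: Invoice for March"
    body = "Hi,\n\nPlease see the attached file.\n"
    if password_in_body:
        body += "The archive password is 1234\n"
    msg.set_content(body)
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()


def analyse(raw: bytes) -> dict:
    """Return which lure traits are present and an overall 'suspicious' verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part is not None else ""
    findings = {
        "reply_chain_subject": bool(REPLY_RE.match(msg.get("Subject", ""))),
        "password_in_body": bool(PASSWORD_RE.search(text)),
        "encrypted_archive": False,
    }
    for part in msg.iter_attachments():
        if part.get_content_type() not in ARCHIVE_TYPES:
            continue
        try:
            zf = zipfile.ZipFile(BytesIO(part.get_content()))
        except zipfile.BadZipFile:
            continue
        # Bit 0 of the general-purpose flag marks an encrypted (password-protected) entry.
        if any(info.flag_bits & 0x1 for info in zf.infolist()):
            findings["encrypted_archive"] = True
    # Password-protected archive plus its password in the body is the core signal;
    # a reply-chain subject on its own is too common to act on.
    findings["suspicious"] = findings["encrypted_archive"] and findings["password_in_body"]
    return findings


if __name__ == "__main__":
    lure = build_sample_email(build_sample_zip(encrypted=True), password_in_body=True)
    benign = build_sample_email(build_sample_zip(encrypted=False), password_in_body=False)
    print("lure:  ", analyse(lure))
    print("benign:", analyse(benign))
```

The verdict deliberately requires both the encrypted archive and the password in the body, because reply-chain subjects and plain ZIP attachments are routine in business mail; in production the same check would also cover ISO, RAR and 7z containers and feed a quarantine or alert rather than just a printed dictionary.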

More details:

The Register – https://www.theregister.com/2022/03/29/icedid_microsoft_exchange_phishing/

The Hacker News – https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

BleepingComputer – https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/