Latrodectus Malware Loader emerges as IcedID successor in fraudulent campaign
"These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI's ability to invoke msiexec.exe and install a remotely-hosted MSI file, remotely hosted on a WEBDAV share," Elastic Security Labs researchers Daniel Stepanic and Samir Bousseaden said.
Latrodectus comes with standard capabilities that are typically expected of malware designed to deploy additional payloads such as QakBot, DarkGate, and PikaBot, allowing threat actors to conduct various post-exploitation activities.
An analysis of the latest Latrodectus artifacts has revealed an extensive focus on enumeration and execution as well as the incorporation of a self-delete technique to delete running files.
An hour before The Hacker news