Latrodectus Malware Loader emerges as IcedID successor in fraudulent campaign

Cybersecurity researchers have observed a spike in email phishing campaigns, starting in early March 2024, that deliver Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware.

"These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI's ability to invoke msiexec.exe and install a remotely-hosted MSI file, remotely hosted on a WEBDAV share," Elastic Security Labs researchers Daniel Stepanic and Samir Bousseaden said.
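
The chain in the quote above leaves a recognizable process-creation trace: msiexec.exe installing a package from a WebDAV, UNC or HTTP location, started through WMI. The detection check below is an added example, not code from Elastic Security Labs or the original article; the event field names, the sample events, the host names and the severity labels are assumptions constructed for illustration.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "command_line": r"msiexec.exe /i \\files.example.test@80\share\update.msi /qn"},
    {"image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'msiexec.exe /i "C:\Users\alice\Downloads\tool.msi"'},
    {"image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "command_line": r"msiexec.exe /x {11111111-2222-3333-4444-555555555555} /qn"},
    {"image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"msiexec /package \\fileserver.example.test\deploy\agent.msi /quiet"},
]

# Install switch (/i, -i, /package) followed by the package path, optionally quoted.
INSTALL_RE = re.compile(r'(?i)(?:^|\s)[/-](?:i|package)\s+"?([^"\s]+)')

def classify(event):
    """Return a finding dict for a remote MSI install by msiexec.exe, else None."""
    if not event["image"].lower().endswith("\\msiexec.exe"):
        return None
    match = INSTALL_RE.search(event["command_line"])
    if not match:
        return None
    package = match.group(1)
    if package.lower().startswith(("http://", "https://")):
        kind = "url"
    elif package.startswith("\\\\"):
        parts = package[2:].split("\\")
        # WebDAV UNC forms: \\host@port\..., \\host@SSL@port\..., \\host\DavWWWRoot\...
        dav = "@" in parts[0] or (len(parts) > 1 and parts[1].lower() == "davwwwroot")
        kind = "webdav" if dav else "unc"
    else:
        return None  # local package path
    # Assumption: a process started through WMI has WmiPrvSE.exe as its parent.
    via_wmi = event["parent_image"].lower().endswith("\\wmiprvse.exe")
    severity = "high" if via_wmi and kind in ("webdav", "url") else "medium"
    return {"package": package, "kind": kind, "via_wmi": via_wmi, "severity": severity}

def detect(events):
    """Classify every event and return the findings with their event index."""
    hits = ((i, classify(e)) for i, e in enumerate(events))
    return [dict(f, index=i) for i, f in hits if f]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Plain UNC installs from a software-distribution share are common in managed environments, so the "medium" tier needs an allowlist of known deployment servers before it is useful as an alert.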

Latrodectus comes with standard capabilities that are typically expected of malware designed to deploy additional payloads such as QakBot, DarkGate, and PikaBot, allowing threat actors to conduct various post-exploitation activities.

An analysis of the latest Latrodectus artifacts has revealed an extensive focus on enumeration and execution as well as the incorporation of a self-delete technique to delete running files.
An hour ago, The Hacker News