A banking trojan is distributed through Yandex.Forms

Attackers have begun distributing the IcedID banking trojan through Yandex.Forms, a legitimate form-hosting service. The path to the form is typically delivered in e-mails to website owners complaining of copyright infringement. BleepingComputer recently received such a letter, purporting to come from Zoho; it claimed that the site was using copyrighted images and pointed to a Yandex.Forms page as the supposed evidence.

According to SecurityLab, the link leads to a Yandex.Forms page reading "Proof of Image Theft is ready to download." The link embedded in that page serves a file named Stolen_ImagesEvidence.iso. When the ISO is opened, Windows mounts it as a new drive containing what appears to be a Documents folder and a DLL with a random name. The "folder" is in fact a Windows shortcut (.lnk file), and the DLL is the IcedID loader. IcedID is notorious for stealing credentials and can download additional malware onto the infected machine.
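The lure described above relies on two things a victim cannot see in Explorer: the shortcut's real extension and what it actually runs. The following triage script is an added example, not code from the article or from the researchers it cites. It parses the Shell Link (.lnk) header and string data so the shortcut's target and arguments can be inspected, then checks the root of a mounted image for a shortcut that displays without an extension (the folder lookalike) and launches a DLL shipped in the same image. The sample image contents are constructed here; the page does not say how the shortcut invokes the DLL, so the rundll32 command line and the DLL name in the sample are assumptions.

```python
from __future__ import annotations
import struct

# Shell Link header constants (MS-SHLLINK). The CLSID identifies a .lnk file.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
(HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH,
 HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
# StringData fields appear in this fixed order when their flag bit is set.
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location")]


def parse_lnk(data: bytes) -> dict:
    """Return the flags, attributes and StringData of a .lnk file.

    Skips the optional LinkTargetIDList and LinkInfo blocks so that the
    RelativePath and CommandLineArguments can be read.
    """
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags, attrs = struct.unpack_from("<II", data, 0x14)
    off = 0x4C
    if flags & HAS_ID_LIST:                      # IDListSize (2 bytes) + list
        (size,) = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:                    # LinkInfoSize includes itself
        (size,) = struct.unpack_from("<I", data, off)
        off += size
    out = {"flags": flags, "attributes": attrs}
    for bit, key in STRING_FIELDS:
        if flags & bit:
            (count,) = struct.unpack_from("<H", data, off)  # character count
            off += 2
            if flags & IS_UNICODE:
                out[key] = data[off:off + 2 * count].decode("utf-16-le")
                off += 2 * count
            else:
                out[key] = data[off:off + count].decode("cp1252")
                off += count
    return out


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Build a minimal .lnk with only RelativePath and Arguments (used to
    construct the sample below; real lures usually also carry an icon)."""
    flags = HAS_REL_PATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack(
        "<IIQQQIiIHHII", flags, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body


def triage_image(entries: dict[str, bytes]) -> list[str]:
    """Flag the ISO lure pattern: a shortcut posing as a folder that launches
    a DLL shipped alongside it. `entries` maps file name -> file content for
    the root of the mounted image (in practice, read them from the drive)."""
    findings = []
    dlls = sorted(n for n in entries if n.lower().endswith(".dll"))
    for name in sorted(entries):
        if not name.lower().endswith(".lnk"):
            continue
        stem = name[:-4]
        # Explorer never shows the .lnk extension, so a stem without a dot
        # is displayed exactly like a folder or bare file name.
        if "." not in stem:
            findings.append(f"{name}: shortcut displays as '{stem}' "
                            f"with no visible extension (folder lookalike)")
        try:
            link = parse_lnk(entries[name])
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        cmd = " ".join(link.get(k, "") for k in ("relative_path", "arguments")).lower()
        for dll in dlls:
            if dll.lower() in cmd:
                findings.append(f"{name}: launches {dll} shipped in the same image")
    return findings


# Constructed sample image contents. The DLL name and the rundll32 command
# line are assumptions for illustration; the DLL bytes are a placeholder,
# not a real loader.
SAMPLE_IMAGE = {
    "Documents.lnk": build_lnk(r"..\..\..\Windows\System32\rundll32.exe",
                               "xq7tn2.dll,DllMain"),
    "xq7tn2.dll": b"MZ" + b"\x00" * 62,
}

if __name__ == "__main__":
    for line in triage_image(SAMPLE_IMAGE):
        print(line)
```

To run it against a real mounted ISO, build `entries` from the drive root (for example `{n: open(os.path.join("E:\\", n), "rb").read() for n in os.listdir("E:\\")}`) and do not double-click anything inside the image first. Explorer hides the `.lnk` extension even when "Hide extensions for known file types" is off, which is why a shortcut with a folder icon is indistinguishable from a folder at a glance.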

Experts note that Google Sites and Microsoft Exchange have previously been abused for the same purpose. When you receive a suspicious notification of this kind, scan any attached or downloaded file with VirusTotal before opening it, and treat a disk image such as an ISO offered as "evidence" with particular suspicion.

Source: Trash Box
