IcedID malware spreads through fake copyright infringement threats

Threat actors impersonating Zoho have sent BleepingComputer a copyright infringement complaint noting that the site has been using copyrighted images and that the proof of the violation could be checked through a Yandex Forms link, instead of Google Drive or Google Sites.

BleepingComputer reports that fake copyright infringement warnings using Yandex Forms are being leveraged for IcedID malware distribution.

These reports allegedly contain proof of DDoS attacks or copyrighted material used without permission but instead infect a target’s device with various malware, including BazarLoader, BumbleBee, and IcedID.

Clicking the Yandex Forms link in the complaint would redirect to a webpage with a “File ‘Stolen Images Evidence’ is ready for download” message that would eventually result in the download of an ISO file with the “Stolen_ImagesEvidence.iso” filename.

Users double-clicking on the downloaded file will be shown a new drive letter with a “documents” folder and a random DLL file, with the folder being a Windows shortcut that would trigger the execution of a malicious DLL loader for IcedID upon double-clicking.

Individuals receiving copyright complaints have been advised to be more vigilant and leverage VirusTotal for suspicious file scanning.

Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

• Globally, 30,000 websites are hacked daily.
• 64% of companies worldwide have experienced at least one form of a cyber attack.
• There were 20M breached records in March 2021.
• In 2020, ransomware cases grew by 150%.
• Email is responsible for around 94% of all malware.
• Every 39 seconds, there is a new attack somewhere on the web.
• An average of around 24,000 malicious mobile apps are blocked daily on the internet.