Sophisticated Latrodectus Malware Linked to 2017 Strain



New Malware With Ties to IcedID Loader Evades Detection, Gains Persistence


Security researchers are warning about a relatively new malware called Latrodectus, believed to be an evolutionary successor to the IcedID loader. It has been detected in malicious email campaigns since November 2023, and recent enhancements make it harder to detect and mitigate.


Proofpoint’s Threat Research team, in partnership with Team Cymru S2 Threat Research, spotted nearly a dozen campaigns delivering Latrodectus beginning in February 2024. The malware, used by initial access brokers, downloads payloads and executes arbitrary commands.

While initial analysis suggested Latrodectus is a new variant of IcedID, subsequent research found that it is a new malware most likely named Latrodectus because of a string identified in the code. Latrodectus employs infrastructure used in historic IcedID operations, indicating potential ties to the same threat actors. IcedID, first discovered in 2017, has been described as a banking Trojan and remote access Trojan.

Researchers also gained insights into the activities of threat actors TA577 and TA578 – the primary distributors of Latrodectus – that illustrate how these actors' tactics have evolved over time.

TA577, previously…

Source…