IcedID malware, in the hijacked email thread, with the insecure Exchange servers

Cyber-criminals are using compromised Microsoft Exchange servers to spam out emails designed to infect people’s PCs with IcedID.

IcedID is bad news because if you’re tricked into running it, it opens a backdoor allowing further malware, such as ransomware, to be injected into your system. Marks typically receive an encrypted .zip as an attachment, with the password in the email text, and instructions to open the contents of the archive. Doing so starts a downloader that deploys IcedID on the computer.

IcedID itself isn’t new. IBM’s X-Force threat hunters said they discovered the Windows software nasty back in 2017, when it was primarily designed to steal victims’ online banking credentials. It popped up last year when crooks hijacked a BP Chargemaster domain to spam out emails to spread IcedID.

Read more…
Source: The Register