IcedID

Name of Malware: IcedID

Type of Malware: Bot, Backdoor, Banking Trojan, Loader, RAT

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops etc.

Impact: high

What is IcedID?

IcedID collects financial and transaction data on the infected system and exfiltrates it over the internet to the attacker. Additionally, the malware allows the attacker to execute commands on the infected system and to download additional files, which gives the attacker complete control over the system. This is often used to deploy further malware such as ransomware. To give the attacker long-term access, a persistent connection to the attacker's server is established.

How did I get infected with IcedID?

IcedID is primarily spread via phishing emails carrying malicious attachments; opening such an attachment leads to infection. However, IcedID can also be delivered to the system by other malware, such as Emotet.

What do I have to do now?

To remove IcedID, it is recommended to scan the infected system with an antivirus program. Since the infection sometimes comes with additional malware, a reinstallation of the operating system may be necessary.

Further guidance can be found under "Removing infections from PCs, laptops etc."

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.