This malware has been observed dropping a cryptocurrency miner and stealing browser data. It also appears to be using the same infrastructure as other recent campaigns from this actor.
– The campaign was first identified on December 3rd when we saw an increase in detections for a new variant of the Rig Exploit Kit (EK). We quickly discovered that it was pushing a new payload: IcedID.
– This campaign uses some interesting techniques, including domain shadowing and abusing the Google Translate API to bypass security controls such as URL filtering and sandboxing solutions.
https://t.co/8lTRvWrxOs