IcedID | Banking Trojan | Basic Overview | Sample Analysis Report



IcedID is a banking trojan first observed in 2017. It targets corporate victims, mainly the customers of banks and financial institutions. The malware is delivered through phishing emails; once installed, it performs man-in-the-browser attacks, injecting into the victim's browser so that visits to targeted sites are diverted to replica pages that capture the victim's credentials.

To watch my videos on an alternative platform you can visit the Odysee
channel: https://odysee.com/@AvoidingBigBrother:8
This channel will include videos too risky for YouTube because of
content moderation.

I have dropped the pitch of my voice for the videos and use the
alias of Brian Bladen for privacy reasons. I am also paranoid
of being hacked!

FREE TRAINING on our website at https://avoidbigbro.com/lp-courses/
and for blog posts https://avoidbigbro.com/news/

My recommended products (so far) that I use as a lone wolf operator:

Malwarebytes Premium – Antimalware software suitable for personal use
and not an option for business users. Affiliate link included – feel free
to go to Malwarebytes in your browser if you don’t want to include my link
https://prf.hn/l/5NL4PJj

CyberGhost – I had no problems with this VPN and highly recommend it.
They are based in Romania where the laws on privacy are not so strict.
Not truly anonymous but good for privacy.
https://www.cyberghostvpn.com/en_US/

KeePass – Excellent offline password manager that I recommend rather
than using a cloud service. https://keepass.info/

You can check out my ebooks at
https://avoidbigbro.com/resources/

Available titles
‘Covert Techniques’ a guide about privacy and how to avoid surveillance.
‘The Bear Roars’ my research on Russian state-sponsored APT groups.
Author Brian Bladen

1 comment
  1. One thing I did not explain was the activity between the phishing stage (deploying the malware) and the man-in-the-browser attack (to steal credentials). Once phishing is successful, a C2 server will connect to the victim's computer. The hacker can then monitor the victim's browser activity through commands on the C2. The hacker can identify websites that the victim visits and create a replica webpage. The hacker will then inject a plant into the victim's web browser which will divert the victim to the replica site when they enter the correct URL (at this point the GET request is manipulated to divert the victim).
