May 24, 2024
By Cybervergent Team

Latrodectus Malware Targets Microsoft 365 and Gmail after Succeeding IcedID

The oldsaying " Anew broom sweeps clean"suitably describes the emergence of Latrodectus. Just as a fresh broom caneffectively clear away the old, this newcomer to the cybercrime space hasrapidly gained prominence, poised to replace its predecessor, and wreak havocin new and innovative ways.

TheLurking Serpent: Aspike in email phishing campaigns has been observed from the start of March2024 that delivers Latrodectus, a nascent malware loader believed to be thesuccessor of the notorious IcedID malware in recent phishing campaigns.

TheVenomous Arsenal:Latrodectus comes with standard capabilities that are typically expected ofmalware designed to deploy additional payloads such as QakBot, DarkGate, andPikaBot, allowing threat actors to conduct various post-exploitationactivities.
Analysis has revealed an extensive focus on enumeration, execution, andself-deletion to evade detection.

TheInfiltration Tactics: Themalware utilizes source code obfuscation, anti-analysis checks, and persistencemechanisms to establish contact with a command-and-control (C2) serverand receive further instructions. This includes the ability to download andexecute IcedID, suggesting a potential development connection between the twomalware variants.

The Targeted Entities: Latrodectus poses a significant threat to businesses,particularly those that rely on Microsoft 365 and Gmail for their day-to-dayoperations. Cybercriminals have been observed leveraging an updated versionof the Tycoon phishing-as-a-service (PhaaS) platform to harvest session cookiesfrom these enterprise platforms and bypass multi-factor authentication (MFA)protections.

Byinfiltrating these widely used business-critical systems, the threat actors cangain unauthorized access to sensitive data and disrupt critical operations.

The Looming Threat:Latrodectus poses a significant threat to businesses, with its enhanced evasioncapabilities making it increasingly difficult for security systems to identifyand block. Cybercriminals behind this malware are skilled at adapting theirtactics to circumvent defensive measures.

Implement robust email security solutions to detect and block phishing attempts
: Deploy advanced email filtering andsandboxing technologies to identify and quarantine suspicious messages beforethey reach employees' inboxes.

Employadvanced endpoint protection and incident response capabilities: Deploy next-generation antivirus andendpoint detection and response (EDR) solutions to monitor and protect yourorganization's endpoints against advanced threats.

Monitor for indicators of compromise and respond swiftly to potentialintrusions:
Continuously monitor your network and systems for signs ofLatrodectus or other advanced persistent threats, such as unusual networktraffic, suspicious process executions, or changes to critical system files.