The Icarus Stealer is a malware threat equipped with various threatening capabilities. It is being offered for sale to other cybercriminals by its supposed developers. According to the promotional materials, the Icarus Stealer carries significant anti-analysis functionality, including anti-debugging and anti-virtualization techniques.
Once established on a breached device, the malware begins to stealthily gather sensitive information. It can collect account and log-in credentials for popular applications and messaging clients such as Skype, Discord and Telegram. Several email clients (Microsoft Outlook, Foxmail, Mozilla Thunderbird) can also be compromised. Icarus can bypass 2FA (two-factor authentication) security measures.
A successful Icarus Stealer infection allows the threat actors to manipulate the file system and exfiltrate chosen files, as well as execute arbitrary commands via Command Prompt and PowerShell. Because it can deliver additional files to the victim's device, the attackers could deploy more specialized malware threats, dropping and executing Trojans, ransomware, clippers, crypto-miners, etc.
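The command-execution capability described above (arbitrary commands through Command Prompt and PowerShell) is also where a defender gets a detection opportunity: a stealer that has landed on a workstation is not an interactive shell, so a shell spawned by an unexpected parent is worth a look. The following is an added example, not code from the page or from any Icarus analysis: a small hunt that runs over process-creation records in a Sysmon Event ID 1 style and flags cmd.exe/powershell.exe launches whose parent is not a known interactive shell, or whose parent binary lives in a user-writable directory. The sample events, host names, paths and the allowlist are all constructed assumptions for illustration; no real Icarus indicators are used.

```python
"""Hunt for cmd.exe / powershell.exe launched by unexpected parents.

Added example (not from the original page). Input records mimic the
fields of Sysmon Event ID 1 (process creation) after log normalisation;
field names are an assumption of this example.
"""

# Constructed sample events (not real indicators).
SAMPLE_EVENTS = [
    # Benign: a user opened a prompt from the desktop.
    {"ts": "2024-01-01T10:00:01", "host": "ws01",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe"},
    # Suspicious: an unknown binary in AppData spawns PowerShell.
    {"ts": "2024-01-01T10:02:17", "host": "ws01",
     "parent_image": r"C:\Users\alice\AppData\Roaming\updater.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem"},
    # Not a shell at all: ignored by this hunt.
    {"ts": "2024-01-01T10:03:40", "host": "ws02",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
    # Suspicious: a document editor spawning a command prompt.
    {"ts": "2024-01-01T10:05:09", "host": "ws02",
     "parent_image": r"C:\Program Files\Office\winword.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
]

# Shell images the hunt cares about (assumption: lower-case basenames).
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Parents from which a shell launch is normally expected (tune per estate).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe",
                       "pwsh.exe", "windowsterminal.exe", "code.exe"}

# Path fragments that mark user-writable locations (lower-case).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev: dict) -> list:
    """Return the list of reasons an event is suspicious (empty if none)."""
    image = basename(ev["image"])
    if image not in SHELLS:
        return []  # only shell launches are in scope
    parent_path = ev["parent_image"].lower()
    parent = basename(parent_path)
    reasons = []
    if parent not in INTERACTIVE_PARENTS:
        reasons.append(f"{image} spawned by non-interactive parent {parent}")
    if any(marker in parent_path for marker in USER_WRITABLE_MARKERS):
        reasons.append("parent binary lives in a user-writable directory")
    return reasons


def hunt(events: list) -> list:
    """Run score_event over every record; return (ts, host, reasons) hits."""
    findings = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            findings.append((ev["ts"], ev["host"], reasons))
    return findings


if __name__ == "__main__":
    for ts, host, reasons in hunt(SAMPLE_EVENTS):
        print(f"{ts} {host}: " + "; ".join(reasons))
```

The allowlist approach is deliberately simple: the point is to surface shells launched from places a stealer tends to run from (a dropped executable under a user profile) while leaving ordinary desktop usage alone. In a real deployment the same logic maps onto a SIEM query over the parent-image and image fields, and the allowlist is extended with whatever legitimately launches shells in the environment (software deployment agents, scheduled tasks).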