ICEFOG

ICEFOG Description

ICEFOG (also called Fucobha) is a threat that has been familiar to malware researchers for a while now. It has been around since 2013 and is believed to originate from a Chinese-speaking hacking group that is also named ICEFOG. The original ICEFOG malware did not stick around for long and was believed to be an abandoned project. However, a reputable malware expert has released a statement that two updated variants of the ICEFOG malware have been spotted recently. The new versions of the ICEFOG threat are believed to have been used in campaigns in 2014 and 2018. There is evidence that the new variants are being used by several different APTs (Advanced Persistent Threats), not just by the original creators of the ICEFOG malware.

The new and updated versions of the ICEFOG malware are called ICEFOG-M and ICEFOG-P. They pack a considerable set of features. They are capable of collecting keystrokes, taking screenshots of the desktop and forwarding them to the attackers’ C&C (Command & Control) servers, and listing the files in a directory. Furthermore, ICEFOG-M and ICEFOG-P are able to download files from the Web and to push files from the attackers’ servers directly to the infected machine. Their other features include renaming and deleting files, terminating processes and creating new directories. It is evident that a substantial amount of work has been put into these new and updated variants of the ICEFOG malware. The updated ICEFOG versions feature enhanced security measures, as well as a fully revamped and improved way of communicating with the attackers’ control server. Malware experts have also spotted a third variant of the ICEFOG threat – MacFog. The MacFog version of this malware is likely designed to target devices that run MacOS X.

The ICEFOG malware has been employed in multiple campaigns, and the victims have been rather diverse – from banks and government institutions to businesses and media companies. This is unsurprising, since the threat has been used by multiple hacking groups around the world, and new variants of ICEFOG with even more features may well appear in the future.